Intelligent CISO Issue 52 - Page 27

editor ’ s question

HOW CAN ORGANISATIONS IMPROVE THEIR

CLOUD SECURITY ?

? he 2022 Thales

T

Cloud Security Report reveals that 45 % of businesses have experienced a cloudbased data breach or failed audit in the past 12 months , up 5 % from the previous year , raising greater concerns regarding protecting sensitive data from cybercriminals .
Globally , cloud adoption and notably multicloud adoption , remains on the rise . In 2021 , organisations worldwide were using an average amount of 110 Software-asa-Service ( SaaS ) applications , compared with just eight in 2015 , showcasing a startlingly rapid increase .
There has been a notable expansion in the use of multiple IaaS providers , with almost three-quarters ( 72 %) of businesses using multiple IaaS providers , up from 57 % the year before . The use of multiple providers has almost doubled in the last year , with one in five ( 20 %) respondents reporting using three or more providers .
Despite their increasing prevalence and use , businesses share common concerns about the increasing complexity of cloud services with the majority ( 51 %) of IT professionals agreeing that it is more complex to manage privacy and data protection in the cloud .
Additionally , the journey to the cloud is also becoming more complex , with the percentage of respondents reporting that they ’ re expecting to lift and shift the simplest of migration tactics , dropping from 55 % in 2021 to 24 % currently .
Security challenges of multi-cloud complexity
With increasing complexity comes an even greater need for robust cybersecurity . When asked what percentage of their sensitive data is stored in the cloud , a solid majority ( 66 %) said between 21-60 %. However , only a quarter ( 25 %) said they could fully classify all data .
Additionally , nearly a third ( 32 %) of respondents admitted to having to issue a breach notification to a government agency , customer , partner or employees . This should be a cause for concern among enterprises with sensitive data , particularly in highly regulated industries .
Cyberattacks also present an ongoing risk to cloud applications and data . Respondents reported an increasing prevalence of attacks , with a quarter ( 26 %) citing an increase in malware , 25 % in ransomware and one-fifth ( 19 %) reporting seeing an increase in phishing / whaling .
Protecting sensitive data
When it comes to securing data in multicloud environments , IT professionals view encryption as a critical security control . The majority of respondents cited encryption ( 59 %) and key management ( 52 %) as the security technologies they currently use to protect sensitive data in the cloud .
However , when asked what percentage of their data in the cloud is encrypted , only 11 % of respondents said between 81 – 100 % is encrypted . Additionally , key management platform sprawl may be an issue for enterprises . Only 10 % of respondents use one to two platforms , 90 % use three or more and almost one in five ( 17 %) admitted using eight or more platforms .
Encryption should be a priority area for enterprises to focus on when it comes to securing data in the cloud . In fact , 40 % of respondents stated that they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenised , showcasing the tangible value of encryption platforms . www . intelligentciso . com
27