Thales has released its 2023 Thales Cloud Security Study, an annual assessment of the latest cloud security threats, trends and emerging risks based on a survey of nearly 3,000 IT and security professionals across 18 countries.
This year’s study found that 39 percent of businesses experienced a data breach in their cloud environment last year, an increase on the 35 percent reported in 2022. In addition, human error was reported as the leading cause of cloud data breaches by over half (55 percent) of those surveyed.
This comes as businesses reported a dramatic increase in the level of sensitive data stored in the cloud. Three quarters (75 percent) of businesses said that more than 40 percent of data stored in the cloud is classified as sensitive, compared to 49 percent of businesses saying the same thing this time last year.
More than a third (38 percent) ranked software as a service (SaaS) applications as the leading target for hackers, closely followed by cloud-based storage (36 percent).
Despite the reported increase in sensitive data in the cloud, the study found low levels of encryption being used. Only a fifth (22 percent) of IT professionals reported that more than 60 percent of their sensitive data in the cloud is encrypted. According to the findings, on average, only 45 percent of cloud data is currently encrypted.
The study also found a lack of control over encryption keys by businesses, with only 14 percent of those surveyed stating that they controlled all of the keys to their encrypted data in their cloud environments. In addition, almost two thirds (62 percent) say they have five or more key management systems – creating increased complexity when securing sensitive data.
Multicloud causing operational complexity
The adoption of multicloud continues to surge, with more than three quarters (79 percent) of organizations having more than one cloud provider.
Notably, it's not just infrastructure that is experiencing this growth. The use of SaaS apps is also on the rise significantly. In 2021, 16 percent of respondents reported their enterprises utilising 51-100 different SaaS applications, while in 2023 this percentage increased to 22 percent.
Despite the expansion of cloud usage, a significant challenge remains. More than half (55 percent) expressed that managing data in the cloud is more complex than in on-premises environments – up from 46 percent compared to the previous year. Digital sovereignty is also front of mind for respondents. 83 percent expressed concerns over data sovereignty, and 55 percent agreed that data privacy and compliance in the cloud has become more difficult.
Pathways to better cloud security
Identity and access management (IAM) is a crucial measure in mitigating data breaches, emphasising the significance of strong security practices. Encouragingly, the adoption of robust multi-factor authentication (MFA) has risen to 65 percent, indicating progress in fortifying access controls.
Surprisingly, only 41 percent of organizations have implemented zero trust controls in their cloud infrastructure, and an even smaller percentage (38 percent) uses such controls within their cloud networks. These statistics highlight the need for greater emphasis on adopting comprehensive security measures to effectively safeguard sensitive data and enhance overall cyber resilience.
About the survey
The 2023 Thales Cloud Security Report was based on a global S&P Global Market Intelligence survey commissioned by Thales of almost 3000 executives with responsibility for or influence over IT and data security. Respondents were from 18 countries: Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Japan, Mexico, Netherlands, New Zealand, Singapore, South Korea, Sweden, the United Arab Emirates, the United Kingdom, and the United States. The survey was conducted in November and December 2022.
