PARIS LA DÉFENSE — A recent report shows most companies are not encrypting a large portion of their sensitive data in the cloud.
The report by Thales indicates that despite an increase on cyber attacks on cloud data, 83% of companies don’t encrypt at least half of the sensitive data they store in the cloud.
Thales released the report last month: the 2021 “Thales Cloud Security Study.”
See more: The Cloud Security Market
Key findings in cloud security report
Pandemic has accelerated cloud transformation
Cloud adoption is on the rise and businesses are continuing to diversify the way they use cloud solutions. Globally, 57% of respondents reported they make use of two or more cloud infrastructure providers, whilst almost a quarter (24%) of organizations flagged that the majority of their workloads and data now reside in the cloud. In fact, according to a recent study by McKinsey & Company, companies globally have accelerated their cloud adoption by three years compared to pre-pandemic adoption rates. This marks a significant shift in the use of cloud-based solutions, from being purely data storage solutions, to environments in which data is used transactionally and supports day-to-day business operations.
Security in the cloud is mixed
According to the study, one fifth (21%) of businesses host the majority of their sensitive data in the cloud, while 40% reported a breach in the last year. There are some common trends as to where companies turn when considering how to secure their cloud infrastructure, with 33% reporting multi-factor authentication (MFA) as being a central part of their cybersecurity strategy. However, only 17% of those surveyed have encrypted more than half of the data they store in the cloud. This figure drops to 15% where organizations have adopted a multicloud approach.
Even where businesses protect their data with encryption, 34% of organizations leave the control of keys to service providers rather than retaining control themselves. Where large numbers of organizations fail to protect their data sufficiently with encryption, limiting potential access points becomes even more critical. However, nearly half (48%) of business leaders globally admitted their organization does not have a zero trust strategy, and a quarter (25%) aren’t even considering one.
Complexity as a concern
Businesses share common concerns about the increasing complexity of cloud services. Almost half (46%) of global respondents claimed managing privacy and data protection in the cloud is more complex than on-premises solutions.
Hybrid models are common with many organizations not moving entirely to the cloud. 55% of businesses have indicated a preference for a “lift and shift” approach to cloud adoption over re-architecting, as cloud becomes a more integrated part of the business infrastructure.
“Organizations across the world are struggling to navigate the increased complexity that comes with greater adoption of cloud-based solutions,” said Sebastien Cano, SVP for cloud protection and licensing, Thales.
“A robust security strategy is essential to ensuring data and business operations remain secure. With nearly every business reliant on the cloud to some extent, it is vital that security teams have the ability to discover, protect, and maintain control of their data.”
The 2021 “Thales Cloud Security Study” was commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence.
The report includes the viewpoints from over 2,600 executives with responsibility for or influence over IT and data security.
Respondents were from 16 countries/regions: Australia, Brazil, France, Germany, Hong Kong, India, Japan, Mexico, Netherlands, New Zealand, Singapore, South Korea, Sweden, the United Arab Emirates, the United Kingdom, and the United States.
Organizations represented a range of industries, with a primary emphasis on health care, financial services, retail, technology, and federal government.
Job titles ranged from C-level executives, including CEO, CFO, chief data officer, CISO, chief data scientist, and chief risk officer, to SVP/VP, IT administrator, security analyst, security engineer, and systems administrator.
Respondents represented a broad range of organizational sizes, with the majority ranging from 500 to 10,000 employees.
The survey was conducted in January and February 2021.
See more: Top Cloud Security Companies & Solutions