In an article on the effects of the pandemic on data creation and data storage, we briefly mentioned how storing data in the cloud is growing faster than creating data.
More and more enterprises are storing sensitive data in the cloud while cloud data management is on the rise and an increasing number deploys a CNAPP to build and run secure cloud native applications. These trends started before the crisis and will continue with the acceleration of digital transformation and digitization. It is a well-known fact that the corona crisis had an accelerating impact on the adoption of cloud computing and public cloud spending.
The need to work and interact with customers remotely required investments in data security and an accelerated migration to the cloud (McKinsey)
However, many enterprises will have to rethink their data management and, in particular, data security strategy for the hybrid and multi-cloud world we live in, as there are quite some cloud data security, cloud data protection, and overall information security and cybersecurity challenges.
According to the 2021 Thales Global Cloud Security Study, conducted by 451 Research (part of S&P Global Market Intelligence), forty percent of all organizations experienced a cloud data breach in the past twelve months (the study took place in January and February 2021).
Moreover, despite the increasing number of cyberattacks targeting data in the cloud, the vast majority (83 percent) of all companies still do not encrypt much of the sensitive data they store there. An overview of the study with more findings and recommendations by the people at Thales and 451 Research.
One fifth (21%) of businesses host the majority of their sensitive data in the cloud, while 40% reported a breach in the last year
The accelerating role of the cloud in data storage and use
The 2021 Thales Global Cloud Security Study also found that the use of the cloud continues to increase – and we do live in a multi-cloud world: 57 percent of respondents said they use two or more cloud providers.
Nearly a quarter (24 percent to be exact) say they have placed the vast majority of their workloads and data in the cloud.
According to a survey by McKinsey, companies have accelerated their move to the cloud by three years compared to the pace before the COVID-19 crisis. And there has been a substantial shift in the use of the cloud for mere data storage to environments where data is used for transactions and daily (digital) business operations.
Companies’ cloud data security measures
According to the Thales survey, 21 percent of companies indicate that the majority of all data in the cloud is sensitive data. As mentioned, 40 percent have experienced a data breach in the past year.
There are some common trends regarding the solutions companies deploy to secure their cloud infrastructure.
Fifty percent say multi-factor authentication (MFA) is a core component of their security strategy. However, only 17 percent of respondents have encrypted more than half of the sensitive data they store in the cloud.
Even when companies secure their data with encryption, 34 percent of all organizations worldwide leave the management of the keys to service providers rather than keeping the reins themselves. If legion organizations fail to adequately protect their data with encryption, reducing the number of potential access points becomes even more critical. However, nearly half of all business decision-makers (48%) admit that their organization does not have a zero-trust strategy in place. A quarter is not even considering it.
While a strong movement to the cloud is in progress, there are limited security controls in place for what is a new infrastructure element for most (Thales)
The perceived complexity of data protection in the cloud and the hybrid cloud model
Businesses are concerned about the increasing complexity of cloud services, according to the study. Nearly half (46 percent) of respondents said that managing privacy and data protection in the cloud is more complex than in on-premises environments.
Hybrid models are widely used by organizations that are not fully transitioning to the cloud. Fifty-five percent of these companies prefer an approach where data and applications are transferred to the cloud without any customization. That’s because the cloud has become a more integrated part of the business infrastructure.
Sebastien Cano, senior vice president of Cloud Protection & Licensing Activities at Thales, highlights the importance of a robust security strategy and the need for security teams to map, protect and keep a handle on all data.
Fernando Montenegro, Principal Research Analyst, Information Security at 451 Research, emphasizes that protecting customer data should always be a top priority in this regard.
Companies should proactively protect their data in the cloud and are advised to review their strategies.
Gaining an understanding of technologies such as encryption and key management is essential for Montenegro in this regard. The shared responsibility for security between cloud providers and their customers should also be considered.
And finally, enterprises must make clear decisions about who is responsible for their sensitive data and who can access it.
A data security strategy and sound data management approach is more critical than ever as more and more enterprises move down the path of digital business and people use digital services more frequently, spurred on by the corona crisis.
More information, data, and advice from 451 Research and Thales in the 2021 Thales Global Cloud Security Study
Below is an infographic with some of the key findings – the full version is available here. If you prefer some sound with that, there’s also a video on YouTube.
Top image: shutterstock (purchased under license); all other images belong to their respective mentioned owners and serve illustration purposes.
