Cloud data breaches are on the rise, finds Thales report

45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year, according to the new 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence. 

Globally, cloud/multi cloud adoption remains on the rise, but despite their increasing use, businesses share common concerns about the increasing complexity of cloud services. 

The report found that 51% of IT professionals agree that it is more complex to manage privacy and data protection in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they’re expecting to lift and shift, the simplest of migration tactics, dropping from 55% in 2021 to 24% currently.

Security challenges of the cloud

As the environment becomes increasingly complex, there is a greater need for more robust cyber security. When asked what percentage of their sensitive data is stored in the cloud, a solid majority (66%) said between 21-60%. However, only a quarter (25%) said they could fully classify all data.

Additionally, nearly a third (32%) of respondents admitted to having to issue a breach notification to a government agency, customer, partner or employees. 

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales said: “The complexity of managing multicloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organisation.”

Encrypting sensitive data

Encryption is often a priority area for enterprises to focus on when it comes to securing data in the cloud. In fact, 40% of respondents stated that they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenised, showcasing the tangible value of encryption platforms.

The majority of respondents cited encryption (59%) and key management (52%) as the security technologies they currently use to protect sensitive data in the cloud.

However, when asked what percentage of their data in the cloud is encrypted, only one in ten (11%) of respondents said between 81-100% is encrypted. Additionally, key management platform sprawl may be an issue for enterprises. Only 10% of respondents use one to two platforms, 90% use three or more, and almost one in five (17%) admitted using eight or more platforms.