Home > News > Top Stories > Cloud Data Breaches and Cloud Complexity on the Rise, Reveals Thales

Cloud App Management

Cloud Data Breaches and Cloud Complexity on the Rise, Reveals Thales

The 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence, reports that 45% of businesses have experienced a cloud-based data breach or failed audit in the past 12 months, up 5% from the previous year1, raising even greater concerns regarding to protecting sensitive data from cybercriminals.

Globally, cloud adoption and notably multicloud adoption, remains on the rise. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications2, compared with just eight in 2015, showcasing a startlingly rapid increase. There has been a notable expansion in the use of multiple IaaS providers, with almost three-quarters (72%) of businesses using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) of respondents reporting using three or more providers.

Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services with the majority (51%) of IT professionals agreeing that it is more complex to manage privacy and data protection in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they’re expecting to lift and shift, the simplest of migration tactics, dropping from 55% in 2021 to 24% currently.

Security Challenges of Multicloud Complexity

With increasing complexity comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, a solid majority (66%) said between 21-60%. However, only a quarter (25%) said they could fully classify all data.

Additionally, nearly a third (32%) of respondents admitted to having to issue a breach notification to a government agency, customer, partner or employees. This should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.

Cyber-attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with a quarter (26%) citing an increase in malware, 25% in ransomware and one-fifth (19%) reporting seeing an increase in phishing/ whaling.

Protecting Sensitive Data

When it comes to securing data in multicloud environments, IT professionals view encryption as a critical security control. The majority of respondents cited encryption (59%) and key management (52%) as the security technologies they currently use to protect sensitive data in the cloud.

However, when asked what percentage of their data in the cloud is encrypted, only one in ten (11%) of respondents said between 81-100% is encrypted. Additionally, key management platform sprawl may be an issue for enterprises. Only 10% of respondents use one to two platforms, 90% use three or more, and almost one in five (17%) admitted using eight or more platforms.

Encryption should be a priority area for enterprises to focus on when it comes to securing data in the cloud. In fact, 40% of respondents stated that they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenised, showcasing the tangible value of encryption platforms.

Additionally, it is encouraging to see signs enterprises embrace Zero Trust and investing accordingly. Nearly a third of respondents (29%) said they are already executing a Zero Trust strategy, a quarter (27%) said they are evaluating and planning one and, 23% said they are considering it. This is a positive result, but there is certainly still room to grow.

“The complexity of managing multicloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organisation. There are various solutions such as encryption and key management. Last but not least, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organisations can support their data and manage future challenges.”

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales

Thales and 451 Research will discuss the findings in more detail during a webinar on 23 June 2022. To join, please visit the registration page.

About the 2022 Thales Global Cloud Security Study

As organizations step beyond the urgent actions of the last two years, they’re grappling with securing the more complex environments in which they now operate. The global edition of the 2022 Thales Cloud Security Study looked at various aspects of those impacts in a wide-ranging survey of security professionals and executive leadership that touched on issues including accelerated digital transformation, cloud migration, and the complexities of managing security in a multicloud world. The 2022 Thales Cloud Security Study is based on data from a survey of almost 2,800 security professionals and executive leaders. This research was conducted as an observational study and makes no causal claims.

About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum computing – to build a confident future crucial for the development of our societies. The Group provides its customers – businesses, organisations and governments – in the defense, aeronautics, space, transport, and digital identity and security domains with solutions, services and products that help them fulfil their critical role, consideration for the individual being the driving force behind all decisions.

Spotlight

More featured news

Spotlight

Related News

Cloud Infrastructure Management

The Manufacturing Sector Experiences More Attacks in the Cloud than Any Other Industry

PR Newswire: | January 19, 2024

Netwrix, a cybersecurity vendor that makes data security easy, today revealed additional findings for the manufacturing sector from its survey of 1,610 IT and security professionals across more than 100 countries. According to the survey, 64% of companies in the manufacturing sector suffered a cyberattack during the preceding 12 months, which is similar to the finding among organizations overall (68%). However, it turned out that the manufacturing sector experiences more cloud infrastructure attacks than any other industry surveyed. Among manufacturing companies that detected an attack, 85% spotted phishing in the cloud compared to only 58% across all verticals; 43% faced user account compromise in the cloud as opposed to 27% among all industries; and 25% dealt with data theft by hackers in the cloud compared to 15% for organizations overall. "The manufacturing sector relies heavily on the cloud to work with their supply chain in real time. This makes their cloud infrastructure a lucrative target for attackers — infiltrating it enables them to move laterally and potentially compromise other linked organizations, as happened to one the world's top meat processing companies. Credential compromise or malware deployed via a phishing email is just the beginning of the attack," says Dirk Schrader, VP of Security Research at Netwrix. "The attack surface in the cloud is always expanding, so it's critical for manufacturing companies to adopt a defense-in-depth approach," adds Ilia Sotnikov, Security Strategist at Netwrix. "First, they must rigorously enforce the principle of least privilege to limit access to sensitive data, which ideally includes just-in-time access to eliminate unnecessary entry points for adversaries. They also need to gain deep visibility into when and how critical data in the cloud is being used so that IT teams can promptly spot potential threats. Finally, they need to be prepared to minimize the damage from incidents by having a comprehensive response strategy that is regularly exercised and updated." To learn more about security trends, check out the complete 2023 Hybrid Security Trends Report. About Netwrix Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,500 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.

Cloud Storage

TRG Screen Announces Acquisition of Xpansion for Reference Data Usage Management

PR Newswire: | January 25, 2024

TRG Screen, the leading provider of enterprise subscription spend and usage management software, today announced it has acquired Xpansion, the leading provider of cloud-based solutions for reference data usage monitoring in the financial services industry. The acquisition of Xpansion will further solidify TRG Screen's position as a global market leader in market data management solutions. Xpansion – established in 2013 – is focused on empowering data operations teams to proactively manage their usage, control costs and optimize data workflows. Xpansion's offerings include Xmon, Xprocess and Xplore, and provide real-time analytics, giving clients unprecedented transparency, visibility and control into their reference data usage. This deal consolidates TRG Screen's unique position as the only provider of enterprise subscription management capabilities spanning the whole spectrum of market data optimization, from spend and inventory tracking, through to usage and enquiry management, exchange reporting and compliance. "Xpansion and TRG Screen have been partners for many years. Bringing Xpansion into the TRG Screen family is a very logical next step for both companies, given our strong relationship and shared view that the industry demand for integrated usage management solutions is going to continue to grow," said TRG Screen CEO Leigh Walters. "Xpansion is an established firm with excellent customer satisfaction and retention, and highly experienced and industry respected leadership. We are very excited at the opportunities this acquisition brings." "We are thrilled to be joining TRG Screen," said Xpansion co-founder and CEO Amjad Zoghbi. "Reference data usage is one of the most complex aspects of market data management, and managing it correctly is essential to maintaining contractual compliance and ensuring clients are right-sizing their usage based on actual consumption and business need. I'm very pleased that Xpansion's customers, and team, will now be part of the best-of-breed solution with the industry's leading provider of market data management solutions." The acquisition demonstrates TRG Screen's ongoing commitment to servicing the needs of market data consumers, vendors and exchanges. Financial terms of the transaction were not disclosed. About TRG Screen TRG Screen is the leading provider of enterprise subscription management solutions. Founded in 1998, TRG Screen is uniquely differentiated by its ability to monitor both spend and usage of data and information services including market data, research, software licenses, consulting and other corporate expenses. TRG Screen's solutions provide its customers with full transparency into their vendor relationships and their subscription spend and usage, enabling them to optimize their enterprise subscriptions. TRG acquired Priory Solutions in 2016, Screen Group in 2018, Axon Financial Systems in 2019, Market Data Insights in 2020, and Jordan & Jordan's Market Data Reporting (MDR) business in 2021 and with these acquisitions is now positioned as the global market leader in the financial, legal, and professional services markets. TRG Screen's product portfolio includes subscription spend, usage, enquiry and compliance solutions. For more information visit trgscreen.com. Follow TRG Screen on LinkedIn, @TRG Screen, and on Twitter, @trgscreen. About Xpansion Xpansion delivers next-generation reference data solutions that empower financial institutions to streamline their reference data operations, reduce costs, enhance data quality, and improve data discovery. With a focus on customer satisfaction, continuous innovation and quick time to value, Xpansion is a trusted partner for financial institutions in the buy- and sell-side as well as solution providers in the industry.