According to the 2021 Thales Global Cloud Security Study, commissioned by Thales and conducted by 451 Research, a division of S&P Global Market Intelligence, 40% of organisations have experienced a cloud-based data breach in the previous 12 months. Despite an increase in cyber-attacks targeting cloud data, the vast majority of businesses (83 percent) still fail to encrypt half of the sensitive data they store in the cloud, raising even more concerns about the impact cyber criminals can have.
 
Pandemic has accelerated cloud transformation
Cloud adoption is on the rise and businesses are continuing to diversify the way they use cloud solutions. Globally, 57% of respondents reported they make use of two or more cloud infrastructure providers, whilst almost a quarter (24%) of organisations flagged that the majority of their workloads and data now reside in the cloud. In fact, according to a recent study by McKinsey & Company, companies globally have accelerated their cloud adoption by three years compared to pre-pandemic adoption rates. This marks a significant shift in the use of cloud-based solutions, from being purely data storage solutions, to environments in which data is used transactionally and supports day-to-day business operations. 
 
Security in the cloud is mixed
According to the study, one-fifth (21%) of businesses store the majority of their sensitive data in the cloud, and 40% have experienced a data breach in the last year. There are some common trends in where businesses turn when deciding how to secure their cloud infrastructure, with 33% citing multi-factor authentication (MFA) as a key component of their cybersecurity strategy. Only 17% of those polled have encrypted more than half of the data they store in the cloud. When organisations use a multicloud strategy, this figure drops to 15%.
 
Even where businesses protect their data with encryption, 34% of organisations leave the control of keys to service providers rather than retaining control themselves. Where large numbers of organisations fail to protect their data sufficiently with encryption, limiting potential access points becomes even more critical. However, nearly half (48%) of business leaders globally admitted their organisation does not have a Zero Trust strategy, and a quarter (25%) aren’t even considering one. 
 
Complexity as a concern
Businesses share common concerns about the increasing complexity of cloud services. Almost half (46%) of global respondents claimed managing privacy and data protection in the cloud is more complex than on-premises solutions. 
 
Hybrid models are common with many organisations not moving entirely to the cloud. 55% of businesses have indicated a preference for a ‘lift & shift’ approach to cloud adoption over re-architecting, as cloud becomes a more integrated part of the business infrastructure. 
 
Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales comments: “Organisations across the world are struggling to navigate the increased complexity that comes with greater adoption of cloud-based solutions. A robust security strategy is essential to ensuring data and business operations remain secure. With nearly every business reliant on the cloud to some extent, it is vital that security teams have the ability to discover, protect, and maintain control of their data.”
 
Fernando Montenegro Principal Research Analyst, Information Security at 451 Research, part of S&P Global Market Intelligence added from the 2021 Thales Global Cloud Security Study: “Protecting customer data is always the priority, and organisations should strongly consider reviewing their strategies and approaches to proactively protect data in cloud. This includes understanding the role of specific technologies including encryption and key management, as well as the shared responsibilities between providers and their customers. As data privacy and sovereignty regulations grow, it will be paramount that organisations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data.”