Cloud Security Spending Rises as Breaches Highlight Encryption Gaps

June 25, 2024
Cloud Security Spending Rises as Breaches Highlight Encryption Gaps
The rise in cloud security spending has become a central focus for organizations globally, as highlighted by the 2024 Thales Cloud Security Study. Conducted through a survey of nearly 3,000 IT and security professionals across 18 countries in 37 industries, this study emphasizes the increasingly critical need to protect cloud environments. These environments have, unfortunately, become primary targets for cyber-attacks. As cloud computing proliferates across diverse sectors, the imperative to secure Software as a Service (SaaS) applications, cloud storage, and cloud management infrastructure becomes more pressing. The study reveals that 31% of attacks are aimed at SaaS applications, while 30% target cloud storage, and 26% focus on cloud management infrastructure. These statistics underscore a broader trend where cloud security now eclipses all other security disciplines as the top priority for organizations.

Rising Cloud Data Breaches and Their Root Causes

A significant revelation from the Thales study is that 44% of organizations have experienced a cloud data breach, with 14% of these breaches occurring within the last year alone. These breaches often stem from human error and misconfiguration, cited as the primary root causes in 31% of cases. Other critical factors include the exploitation of known vulnerabilities (28%) and inadequate use of Multi-Factor Authentication (MFA) (17%). The widespread adoption of cloud services has led to a situation where 66% of organizations use more than 25 SaaS applications. Furthermore, nearly half (47%) of all corporate data stored in the cloud is classified as sensitive. Despite this, a startlingly low percentage of enterprises—less than 10%—encrypt 80% or more of their sensitive cloud data. This gap in encryption highlights the urgent need for enhanced security protocols and measures.The vulnerabilities associated with human error and misconfiguration are particularly concerning, as these issues are often preventable through proper training and strict adherence to best practices. Exploitation of known vulnerabilities also points to a lack of timely patch management and system updates, underscoring the necessity for robust vulnerability management programs. The failure to implement Multi-Factor Authentication further exposes organizations to avoidable risks, suggesting a need for greater emphasis on strengthening authentication mechanisms. Given the high proportion of sensitive data stored in the cloud, it is evident that organizations must bolster their encryption strategies to protect against unauthorized access and potential data breaches.

Importance of Encryption and Digital Sovereignty

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing at Thales, highlighted the critical importance of understanding and managing the data stored in the cloud. He emphasized the need for organizations to be vigilant about the encryption keys they employ and to maintain visibility over data access. As the cloud attack surface continues to expand, robust security measures become essential, particularly in light of growing concerns over data sovereignty and privacy. The study notes that nearly a third (31%) of organizations see digital sovereignty as a crucial factor in future-proofing their cloud environments. To achieve this, many are refactoring applications to logically separate, secure, store, and process cloud data.The emphasis on digital sovereignty is driven primarily by a desire to future-proof (31%) organizations against emerging threats, with regulatory adherence also playing a significant role (22%). The initiatives to bolster digital sovereignty include measures designed to ensure that data storage and processing comply with local regulations and international privacy standards. Organizations are increasingly recognizing that robust encryption protocols are not just a technical requirement but a strategic necessity. By securing data both at rest and in transit, and by ensuring compliance with relevant regulations, businesses can better protect themselves against the growing menace of cyber-attacks.

The Path Forward: Enhanced Security Measures

Sebastien Cano, Senior Vice President for Cloud Protection and Licensing at Thales, underscored the critical need for organizations to understand and manage their cloud-stored data. He stressed the importance of vigilance regarding encryption keys and maintaining visibility over data access. As the cloud attack surface grows, rigorous security measures are essential, especially with rising concerns about data sovereignty and privacy. A study revealed that nearly one-third (31%) of organizations consider digital sovereignty crucial for future-proofing their cloud environments. To this end, many organizations are refactoring applications to logically separate, secure, store, and process cloud data.The focus on digital sovereignty is mainly driven by the need to safeguard against emerging threats (31%) and adhere to regulatory requirements (22%). Measures to enhance digital sovereignty aim to ensure compliance with local regulations and international privacy standards. Organizations increasingly view robust encryption protocols as a strategic necessity rather than just a technical requirement. By securing data at rest and in transit and ensuring compliance with relevant regulations, businesses can better protect themselves from the growing threat of cyber-attacks.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later