Companies and organisations increasingly store confidential or privacy-sensitive information in the cloud. Yet fewer companies were confronted with data breaches last year. Nevertheless, there is still a world to be won: only a tiny group encrypts the data they store in the cloud. This is according to Thales’s research published in the Thales Cloud Security Study today. In this annual review, the cybersecurity agency looks at relevant and current digital threats targeting the cloud and the latest security trends and risks. 3,000 IT professionals from eighteen countries, including the Netherlands, participated in the survey.
A handful of companies encrypt data in the cloud.
According to the study, two-thirds of companies (67%) store data in the cloud. More than 40 per cent of the data they store in the cloud is sensitive data. This makes them an attractive target for hackers. Nevertheless, practice shows that the number of data breaches decreased last year. Four in ten respondents (41 per cent) say they had to deal with a data breach in the cloud environment. In 2021 that was still 45 per cent. Although companies store more confidential information in the cloud, they only use encryption sparingly. Less than a fifth of IT professionals (17 per cent) say that more than 60 per cent of all sensitive data in the cloud is encrypted. Worldwide, an average of 45 per cent of all data in the cloud is secured with encryption. At most, 41% of companies worldwide use zero trust mechanisms within their cloud environment. Key management in our country needs to be improved, Thales notes. Only 6 per cent of the participants in the survey have authority and control over all encryption keys for encrypted data in the cloud. Nearly two-thirds of global respondents (62 per cent) report using five systems or more for key management. “This results in increasing complexity of the security of sensitive data,” say the researchers. Multi-factor authentication (MFA) increased to 65 per cent in the past year. According to the researchers, companies and organisations are progressing in strengthening their logical access control mechanisms. More and more authorities are also using Identity & Access Management (IAM) to prevent data breaches. Nevertheless, organisations face a significant challenge. A majority of 61 per cent of respondents tell Thales that managing the cloud has become more complex. Especially when compared to on-premise data management. According to half of those surveyed (55 per cent), ensuring privacy and compliance for data in the cloud has become more complex. Eight in ten respondents (83%) are concerned about data sovereignty.
Optimal safeguarding of valuable information
“Cloud environments should be treated as an extension of the existing IT infrastructure. Exclusive control over data and its security is critical to effective cloud security, especially when sensitive information is involved,” said Sebastien Cano, senior vice president of Cloud Protection & Licensing Activities at Thales. He emphasises that it is very important that Dutch companies and organisations retain control over encryption keys. “That way, they can take advantage of the scalability, cost-efficiency and accessibility of the cloud while ensuring optimal integrity and confidentiality of their valuable information.”