As the use of the cloud continues to be strategically vital to many organisations, cloud resources have become the biggest targets for cyber-attacks, with SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%) cited as the leading categories of attack. Protecting cloud environments has risen as the top security priority ahead of all other security disciplines.
A global study by Thales claims that 44% of organisations have experienced a cloud data breach with 14% reported having an incident in the last 12 months. Human error and misconfiguration continued to be the top root cause of these breaches (31%), followed by exploiting known vulnerabilities (28%), and failure to use multi-factor authentication (17%).
Growing cloud usage across enterprises has seen an accompanying growth in the potential attack surface for threat actors, with 66% of organisations using more than 25 SaaS applications and 47% of corporate data being sensitive. Despite the increased risks to sensitive data in the cloud, the data encryption rates remain low, with less than 10% of enterprises encrypting 80% or more of their sensitive cloud data.
Sebastien Cano, senior vice president for cloud protection and licensing activities at Thales says the scalability and flexibility that the cloud offers is making it central to their security strategies.
He cautions that as the cloud attack surface expands, organisations must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it is being used.
“It is vital to solve these challenges now, especially as data sovereignty and privacy have emerged as top concerns in this year’s research,” he continued.
To address these challenges, organizations are prioritizing digital sovereignty initiatives, such as refactoring applications to logically separate, secure, store, and process cloud data. Future-proofing cloud environments are the primary driver behind these initiatives, as organizations aim to protect their data and maintain control over their cloud-based resources.
Future-proofing cloud environments (31%) was the number one driver behind digital sovereignty initiatives while adhering to regulations came in at a distant second at 22%.