Cloud data breaches rise amid increasing multicloud adoption and complexity: survey
A survey of almost 2,800 security professionals and executive leaders from around the world has uncovered an increase in the adoption of multicloud services from a year ago, which is raising problems with juggling the increased complexity and threat of data breaches.
The survey, published by Thales and conducted by 451 Research, found that 71 percent of respondents used more than one Infrastructure as a Service (IaaS) provider in 2022, compared to 57 percent in 2021. Among companies using three IaaS providers, the figure doubled from 2021 to 2022 from 9 percent to 18 percent.
But having more cloud services to manage also seems to be leading to concerns about the leap in complexity. More than half (51 percent) agreed or strongly agreed that it is more complex to manage privacy and data protection regulations in a multicloud or hybrid environment than on-premise networks. This is compared to 46 percent in 2021 who agreed or strongly agreed with the question. The number who strongly disagreed fell to 13 percent in 2022 compared to 22 percent in 2021.
With more enterprises on the cloud, a correlation with the number of data breaches was also seen by the survey. Forty-five percent said they experienced a data breach or failed an audit involving data and applications that reside in the cloud, an increase from 40 percent in 2021. Respondents also claimed increases in cyberattacks, with the top five coming from malware (26 percent), ransomware (25 percent), phishing/whaling (19 percent), denial of service (17 percent), and brand impersonation (13 percent).
Cloud assets were also identified as one of the primary targets for cyberattacks. For targets of cyberattacks, cloud-based storage tied for second as the top priority, tied with internal networks and only behind web applications by one percent. Cloud-delivered applications (35 percent), cloud databases (33 percent), and cloud-hosted applications (31 percent) also tended to rank as a top priority.
To defend against cyber threats, 59 percent of respondents said they use encryption, 52 percent said key management, and half said multi-factor authentication. Other options like tokenization/data masking, access management, and data loss prevention proved less popular.
Despite the popularity of encryption, its use in the cloud remained mixed. About 11 percent said 81 to 100 percent of their data is encrypted. There also appeared to be a problem with key management sprawl, as a third said they have three or four key management solutions, 41 percent said they have five to seven, and 12 percent said eight to 10. Five percent said they have over 10 key management solutions.
While there appeared to be an increase in vulnerabilities, the report also showed an increasing interest in zero trust security. Most expected to apply Zero Trust principles to the cloud at 62 percent, the highest number among the venue options. Almost three-in-ten (29 percent) said they have a formal zero trust strategy in execution and 27 percent said they are evaluating one. The combined total at 56 percent exceeded 2021 when 52 percent said they were in execution or evaluation.
Sebastien Cano, senior vice president for cloud protection and licensing activities at Thales, says, “The complexity of managing multicloud environments cannot be overstated.”
“Continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organizations can support their data and manage future challenges,” he says.
Recognizing the threat to cloud and edge computing, the National Institute of Standards and Technology released a document to advise organizations on server platform security and data protection from a hardware perspective.
Arm offers smaller chip, better images for computer vision systems
Tata Elxsi, Mimik forge partnership on edge, 5G
Comments