Only 45% of cloud data is currently encrypted

39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales.

In addition, human error was reported as the leading cause of cloud data breaches by 55% of those surveyed.

This comes as businesses reported a dramatic increase in the level of sensitive data stored in the cloud. 75% of businesses said that more than 40% of data stored in the cloud is classified as sensitive, compared to 49% of businesses this time last year.

38% ranked Software as a Service (SaaS) applications as the leading target for hackers, closely followed by cloud-based storage (36%).

Lack of control over encryption keys

Despite the reported increase in sensitive data in the cloud, the study found low levels of encryption being used. Only 22% of IT professionals reported that more than 60% of their sensitive data in the cloud is encrypted. According to the findings, on average, only 45% of cloud data is currently encrypted.

The study also found a lack of control over encryption keys by businesses, with only 14% of those surveyed stating that they controlled all of the keys to their encrypted data in their cloud environments. In addition, almost 62% say they have five or more key management systems – creating increased complexity when securing sensitive data.

Surge in SaaS App adoption

The adoption of multicloud continues to surge, with more than 79% of organizations having more than one cloud provider.

Notably, it’s not just infrastructure that is experiencing this growth. The use of SaaS apps is also on the rise significantly. In 2021, 16% of respondents reported their enterprises utilising 51-100 different SaaS applications, while in 2023 this percentage increased to 22%.

Despite the expansion of cloud usage, a significant challenge remains. 55% expressed that managing data in the cloud is more complex than in on-premises environments – up from 46% compared to the previous year.

Digital sovereignty is also front of mind for respondents. 83% expressed concerns over data sovereignty, and 55% agreed that data privacy and compliance in the cloud has become more difficult.

Maintaining control and security in cloud environments

Identity and access management (IAM) is a crucial measure in mitigating data breaches, emphasising the significance of strong security practices. Encouragingly, the adoption of robust multi-factor authentication (MFA) has risen to 65%, indicating progress in fortifying access controls.

Surprisingly, only 41% of organizations have implemented zero trust controls in their cloud infrastructure, and an even smaller percentage (38%) utilises such controls within their cloud networks. These statistics highlight the need for greater emphasis on adopting comprehensive security measures to effectively safeguard sensitive data and enhance overall cybersecurity resilience.

“The study shows that organizations are operating in a dynamic multicloud landscape, demanding seamless and efficient access to on-demand IT infrastructure and services,” stated Sebastien Cano, SVP for Cloud Protection and Licensing activities at Thales.

“Treating cloud environments as an extension of existing infrastructure while maintaining exclusive control and security of data, especially sensitive data, is key to cloud security. Customer control of encryption keys is essential as it allows organizations to leverage the scalability, cost efficiency, and accessibility benefits of the cloud while ensuring the utmost integrity and confidentiality of their valuable information,” added Cano.