The volume of sensitive data stored in the cloud has seen a dramatic increase in the last couple of years. A full 75% of businesses globally report that 40% or more of their data in the cloud is sensitive – a number that has seen over 50 percent growth as compared to the 2021 number (49%), according to the 2023 Thales Cloud Security Study. But are businesses doing enough to protect this sensitive data?
Despite the reported increase in sensitive data in the cloud, the study found low levels of encryption being used. Only 19% of IT professionals in India (22% globally) reported that more than 60% of their sensitive data in the cloud is encrypted. According to the findings of the survey, on average, only 45% of cloud data is currently encrypted globally.
The study that surveyed more than 3,000 IT and security professionals across 18 countries throws some more unsettling facts about the state of cloud security.
More than a third (35%) of respondents in India have experienced a data breach in their cloud environment last year with a significantly higher global average of 46%.
Here are a few other findings from the survey:
- Human error was reported as the leading cause of cloud data breaches by over half of those surveyed (52% in India, 55% globally
- More than a third (38%) respondents globally ranked Software as a Service (SaaS) applications as the leading target for hackers, closely followed by cloud-based storage (36%).
- Only 16% of those surveyed in India and 14% globally stated that they controlled all of the keys to their encrypted data in their cloud environments.
- 44% of Indian organizations expressed that managing data in the cloud is more complex than in on-premises environments.
- Globally, 83% expressed concerns over data sovereignty, and 55% agreed that data privacy and compliance in the cloud has become more difficult.
Pathways to Better Cloud Security
Identity and access management (IAM) is a crucial measure in mitigating data breaches, emphasising the significance of strong security practices. Encouragingly, the adoption of robust multi-factor authentication (MFA) has risen to 65% globally, indicating progress in fortifying access controls.
Surprisingly, only 41% of organisations worldwide have implemented zero trust controls in their cloud infrastructure, and an even smaller percentage (38%) utilise such controls within their cloud networks
“ Considering the rising cyberthreats in India and globally, treating cloud environments as an extension of existing infrastructure while maintaining exclusive control and security of data, especially sensitive data, is key to cloud security. Another essential aspect of cyber security is customer control of encryption keys, as it allows organisations to leverage the scalability, cost efficiency, and accessibility benefits of the cloud while ensuring the utmost integrity and confidentiality of their valuable information. This becomes more critical for Indian organizations as 68% of respondents in India reported over 40% of their cloud data as sensitive,” stated Ashish Saraf, VP & Country Director – India, Thales.