Cloud data breaches and cloud complexity on the rise, reveals Thales

Cloud Security India
  • Multi-cloud adoption is accelerating with 72% of organizations using multiple IaaS providers vs. 57% in 2021
  • 46% of organizations in India store 21%-60% of their sensitive data in the cloud
  • 37% of respondents in India have experienced a data breach or failed an audit involving data and applications in the cloud in past year as compared to 33% in the year before that

 

The 2022 Thales Cloud Security Report, conducted by 451 Research, part of S&P Global Market Intelligence, reports that even though cloud and notably multi-cloud adoption remains on the rise, 37% of respondents from India have experienced a cloud-based data breach or failed audit in the past 12 months, up from the previous year (33%).

Despite security concerns, cloud adoption however continues to grow across India and the globe. In 2021, organisations worldwide were using an average amount of 110 software as a service (SaaS) applications , compared with just eight in 2015, showcasing a startlingly rapid increase.  There has been a notable expansion in the use of multiple Infrastructure as a service (IaaS) providers, with almost three-quarters (72%) of businesses globally using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) of global respondents reporting using three or more providers.

Despite their increasing prevalence and use, businesses share common concerns about the increasing complexity of cloud services with 40% of IT professionals from India agreeing that it is more complex to manage privacy and data protection in the cloud. Additionally, the journey to the cloud is also becoming more complex, with the percentage of respondents reporting that they’re expecting to lift and shift, the simplest of migration tactics, dropping from 55% in 2021 to 24% currently. This stands true for respondents in India as well with the figure standing at 23% presently.

Security Challenges of Multi-cloud Complexity

With increasing complexity comes an even greater need for robust cybersecurity. When asked what percentage of their sensitive data is stored in the cloud, 46% of respondents in India said between 21-60%.

Nearly a third (32%) of respondents worldwide admitted to having to issue a breach notification to a government agency, customer, partner, or employees. This should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.

Cyber-attacks also present an ongoing risk to cloud applications and data. Respondents around the globe reported an increasing prevalence of attacks, with a quarter (26%) citing an increase in malware, 25% in ransomware and one-fifth (19%) reporting seeing an increase in phishing/ whaling.

Protecting Sensitive Data

When it comes to securing data in multi-cloud environments, IT professionals from India view encryption as a critical security control. 65% of respondents cited encryption and 56% stated key management as the security technologies they currently use to protect sensitive data in the cloud.

However, when asked what percentage of their data in the cloud is encrypted, only one in ten (11%) of respondents said between 81-100% is encrypted. The same stands true globally as well.  Additionally, key management platform sprawl may be an issue for enterprises. Globally, only 10% of respondents use one to two platforms, 90% use three or more, and almost one in five (17%) admitted using eight or more platforms.

Encryption should be a priority area for enterprises to focus on when it comes to securing data in the cloud. In fact, 40% of respondents worldwide stated that they were able to avoid the breach notification process because the stolen or leaked data was encrypted or tokenised, showcasing the tangible value of encryption platforms.

Additionally, it is encouraging to see signs of enterprises embracing Zero Trust and investing accordingly. Almost a third of respondents in India (31%) said they are already executing a Zero Trust strategy, 29% said that they are evaluating and planning one and, 20% said they are considering it. This is a positive result, but there is certainly still room to grow.

Ashish Saraf, VP and Country Director – India, Thales, comments: “Multi-cloud environments are becoming the new norm for businesses in India. The journey to the cloud is also becoming more complex. Businesses are still learning and adapting to the security challenges of operating in the multi-cloud ecosystem. It is important for organizations to constantly adapt to this rapidly changing environment and stay on top of the evolving trends of the industry. With the increased use of the cloud, data across the world, including from India, has become vulnerable to breaches. According to the report, 37% of respondents in India have experienced a cloud-based data breach or failed audit in the last year. This emphasises the importance of using strategies such as encryption, key management, multi-factor authentication and tokenization among others, to address the increasing complexity of cloud security. All stakeholders must work together to ensure a zero-trust journey for all and address the existing challenges of multi-cloud adaptation.”
Sebastien Cano, Senior Vice President for Cloud Protection and Licensing activities at Thales said: “The complexity of managing multi-cloud environments cannot be overstated. Additionally, the growing importance of data sovereignty is increasingly raising questions for CISOs and Data Protection Officers when considering their cloud strategy, governance, and risk management. The challenge is not only where the sensitive data resides geographically, but even who has access to sensitive data inside the organisation. There are various solutions such as encryption and key management. Last but not least, continuing to embrace a Zero Trust strategy will be essential in securing these complex environments, helping to ensure organisations can support their data and manage future challenges.”

Thales and 451 Research will discuss the findings in more detail during a webinar on 23 June 2022. To join, please visit the registration page.

 

About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies, investing in digital and “deep tech” innovations – connectivity, big data, artificial intelligence, cybersecurity and quantum technologies – to build a confident future crucial for the development of our societies. The Group provides its customers – businesses, organizations and governments – in the defense, aeronautics, space, transport, and digital identity and security domains with solutions, services and products that help them fulfil their critical role, consideration for the individual being the driving force behind all decisions.
Thales has 81,000 employees in 68 countries. In 2021, the Group generated sales of €16.2 billion.
About Thales in India
Present in India since 1953, Thales is headquartered in Noida and has other operational offices and sites spread across Delhi, Gurugram, Hyderabad, Bengaluru and Mumbai, among others. Over 1,800 employees are working with Thales and its joint ventures in India. Since the beginning, Thales has been playing an essential role in India’s growth story by sharing its technologies and expertise in Defence, Transport, Aerospace and Digital Identity and Security markets. Thales has two engineering competence centres in India - one in Delhi NCR focused on digital identity and security business, while the one in Bengaluru focuses on hardware, software and systems engineering capabilities for both the civil and defence sectors, serving global needs.
Contact
Pawandeep KAUR, Thales, Communications in India
+91 120 40 20 555 pawandeep.kaur@thalesgroup.com
Tulika Bhardwaj, Chase India
+91 8851646206 Tulika@chase-india.com
All articles