ChannelLife Australia - Industry insider news for technology resellers
Story image
Cloud privacy, data protection more complex than on-prem
Fri, 5th Aug 2022
FYI, this story is more than a year old

Over half of Australian businesses (53%) believe cloud privacy and data protection is more challenging to manage than on-premises.  Yet, according to the 2022 Thales Cloud Security Report conducted by 451 Research, part of S-P Global Market Intelligence, increasingly complex cloud environments are on the rise.

Globally, cloud adoption and notably multi-cloud adoption, continues to rise. There has been an expansion in the use of multiple IaaS providers, with almost three-quarters (72%) of businesses using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) respondents using three or more providers.

In Australia, a fifth (22%) of businesses now use over 50 software as a service (SaaS) applications, while one in ten (10%) uses over 100. However, despite rapid growth in the prevalence and use of cloud services amongst businesses, research indicates many are still navigating how to protect the complicated environments they have created.

Security Challenges of Multi-Cloud Complexity  

With increasing complexity comes an even greater need for robust cybersecurity, yet in the past 12 months, over a third of Australian businesses (36%) experienced a cloud-based data breach or failed audit.

When asked what percentage of their sensitive data is stored in the cloud, almost three quarters (73%) said between 21 to 60%. However, only a quarter (23%) said they could fully classify all data. Furthermore, 16% say their employees still use nothing other than passwords to access data stored in cloud or SaaS applications.

Four in ten (40%) respondents admitted issuing a breach notification to a government agency, customer, partner or employees, which should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.

Cyber-attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with almost half (45%) citing an increase in ransomware, 43% in malware and 40% in phishing/whaling.

Protecting Sensitive Data 

When it comes to securing data in multicloud environments, Australian IT professionals view encryption as a critical security control. Most respondents cited encryption (60%), multi-factor authentication (51%) and key management (47%) as the security technologies they currently use to protect sensitive data in the cloud. However, when asked what percentage of their data in the cloud is encrypted, only one in ten (13%) respondents said between 81-100%.

Key management platform sprawl may also be a growing issue for many enterprises with half (50%) using between 5-10 platforms compared to just one in ten (11%) using 1-2 platforms. In addition, a quarter of respondents (23%) admit to giving cloud providers full control of their encryption keys while 56% have handed over at least half of their encryption keys.

Positive Cloud Security Signs 

It is, however, encouraging to see Australian enterprises embracing and investing in Zero Trust. Nearly a quarter of respondents (24%) said they are already executing a Zero Trust strategy, and 16% said they are evaluating one. This is a positive result, but there is certainly still room to grow as 33% still have no strategy.

"In the wake of the pandemic, business leaders reacted with quick, bold decision-making and jumped straight into cloud delivered digital services," says Brian Grant, ANZ director at Thales Cloud Security.

"For many, this surge towards a cloud-first approach meant security and safety became afterthoughts, and theres no point being the fastest car on the racetrack if you crash on the first corner.

"For all its benefits, cloud computing has layered on considerable complexity, which has always been the enemy of good security," he says.

"The challenge of managing multi-cloud environments cannot be overstated, so to operate safely, retaining control over who, what, when and where data is visible must become an executive mandate within every organisation."