Share this article on:
Over 53 per cent of Australian businesses believe cloud privacy and data protection are more challenging to manage than on-premises, but according to the 2022 Thales Cloud Security Report, increasingly complex cloud environments are on the rise.
Conducted by 451 Research, an S&P Global Market Intelligence arm, the 2022 Thales Cloud Security Report revealed that a fifth (22 per cent) of businesses in Australia now use over 50 software-as-a-service (SaaS) applications, while one in 10 (10 per cent) uses over 100. Despite the rapid growth in the prevalence and use of cloud services among businesses, the research indicates many organisations are still navigating how to protect the complicated environments they have created.
According to Brian Grant, ANZ director at Thales Cloud Security, security and safety became an "afterthought" due to the swift adoption of "cloud-first" operation brought on by the pandemic.
"In the wake of the pandemic, business leaders reacted with quick, bold decision making and jumped straight into cloud-delivered digital services.
"For all its benefits, cloud computing has layered on considerable complexity, which has always been the enemy of good security.
"The challenge of managing multi-cloud environments cannot be overstated, so to operate safely, retaining control over who, what, when and where data is visible must become an executive mandate within every organisation," Grant said.
Globally, cloud adoption and notably, multi-cloud adoption, continue to rise. There has been an expansion in the use of multiple infrastructure-as-a-service (IaaS) providers, with almost three-quarters (72 per cent) of businesses using multiple IaaS providers, up from 57 per cent the year before. The use of multiple providers has almost doubled in the last year, with one in five (20 per cent) respondents using three or more providers.
With increasing complexity comes an even greater need for robust cyber security according to the Thales research, but in the past 12 months, over a third of Australian businesses (36 per cent) experienced a cloud-based data breach or failed audit.
When asked what percentage of their sensitive data is stored in the cloud, almost three quarters (73 per cent) said between 21 to 60 per cent. However, only a quarter (23 per cent) said they could fully classify all data. Furthermore, 16 per cent say their employees still use nothing other than passwords to access data stored in cloud or SaaS applications.
Four in 10 (40 per cent) respondents admitted issuing a breach notification to a government agency, customer, partner or employees, which should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.
Cyber attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with almost half (45 per cent) citing an increase in ransomware, 43 per cent in malware and 40 per cent in phishing/whaling.
When it comes to securing data in multi-cloud environments, Australian IT professionals view encryption as a critical security control. Most respondents cited encryption (60 per cent), multi-factor authentication (51 per cent) and key management (47 per cent) as the security technologies they currently use to protect sensitive data in the cloud. When asked what percentage of their data in the cloud is encrypted, however, only one in 10 (13 per cent) respondents said between 81-100 per cent.
The Thales data also revealed that key management platform sprawl may also be a growing issue for many enterprises with half (50 per cent) using between 5-10 platforms compared to just one in 10 (11 per cent) using 1-2 platforms. In addition, a quarter of respondents (23 per cent) admit to giving cloud providers full control of their encryption keys while 56 per cent have handed over at least half of their encryption keys.
The data has also discovered that Australian enterprises have been embracing and investing in zero trust. Nearly a quarter of respondents (24 per cent) said they are already executing a zero-trust strategy, and 16 per cent said they are evaluating one. While this is an encouraging, positive result, there is room to grow as 33 per cent still have no strategy.
"The challenge of managing multi-cloud environments cannot be overstated, so to operate safely, retaining control over who, what, when and where data is visible must become an executive mandate within every organisation," Grant concluded.
[Related: North Korean hackers stealing email content via malicious ‘SharpTongue’ browser extension]