Thales has published its Cloud Security Study 2024, an annual assessment of the latest threats, trends, and emerging risks in cloud security. Based on a survey of nearly 3000 IT and security professionals in 18 countries and 37 industries, the study reveals that cloud resources have become the primary targets of cyberattacks.
One of the key findings of the study is that spending on cloud security now surpasses all other categories of security spending. This is a response to the growing strategic importance of cloud usage for many organizations. Software as a Service (SaaS) applications (31%), cloud storage (30%), and cloud management infrastructure (26%) are the most targeted categories, making protecting cloud environments a top security priority.
Additionally, the study uncovers that 44% of organizations have experienced a data breach in the cloud, and 14% have suffered an incident in the last year. Human errors and misconfigurations continue to be the leading causes of these breaches (31%), followed by the exploitation of known vulnerabilities (28%) and the lack of multifactor authentication usage (17%).
Main Findings of the Cloud Security Study 2024
1. Increased Attack Targets: Cloud resources, especially SaaS applications, cloud storage, and cloud management infrastructure, have become the primary targets of cyberattacks.
2. Cloud Data Breaches: Nearly half of organizations have experienced a data breach in the cloud, highlighting the critical need to strengthen security in these environments.
3. Sensitive Data in the Cloud: 47% of corporate data stored in the cloud is sensitive, but less than 10% of companies encrypt more than 80% of this sensitive data, posing a significant risk.
4. Compliance and Privacy Challenges: Nearly half of organizations find it more challenging to manage compliance and privacy in the cloud compared to on-premises.
5. Digital Sovereignty: One-third of organizations recognize the importance of digital sovereignty initiatives as a means to prepare their cloud environments for the future.
Sebastien Cano, Senior Vice President of Cloud Protection and Licensing at Thales, commented: “The scalability and flexibility offered by the cloud are highly attractive to organizations, so it is not surprising that it is central to their security strategies. However, as the cloud attack surface expands, organizations must firmly understand the data they have stored in the cloud, the keys they use to encrypt it, and the ability to have full visibility on who accesses the data and how it is used.”
Strategies to Enhance Cloud Security
To address these challenges, organizations are modernizing their investments in cloud security. Common measures include refactoring applications to logically separate, secure, store, and process data in the cloud, as well as repatriating workloads back to on-premises or on-premises territories.
The study emphasizes the urgent need for companies to implement robust and proactive security solutions to protect their cloud environments, especially in a context where data sovereignty and privacy are emerging concerns.
Access the report on the Thales website at https://cpl.thalesgroup.com/cloud-security-research.