There is a growing sense of urgency surrounding cloud security as IT professionals deal with complex new threats and increasing cyberattacks targeted towards cloud resources, Thales Inc’s 2024 Cloud Security Study said.
With the demands of AI integration across products, data volumes have shot up and organizations adopt multicloud strategies. Cloud-based assets, including SaaS applications, storage, and management infrastructure, are now the most frequent targets for cyberattacks.
[ Understand today’s top cloud security threats and why visibility and alarm fatigue remain top remediation concerns | Sign up for CSO newsletters. ]
Over a third of organizations say they want to prioritize cloud security in their enterprise security budgets, the report said.
AI workloads guzzle volumes of data and cloud storage
There is a dramatic surge in cloud data storage due to the increasing adoption of AI and ML technologies and the subsequent demands of their workloads.
The Mother of All Breaches (MOAB), a massive data leak discovered in 2024, which leaked billions of records from thousands of past breaches, serves as an indicator of the massive amounts of sensitive data stored in the cloud.
For context, one in seven enterprises will soon be using a staggering 250 petabytes of data just for building and training AI/ML models, a 2023 report by 451 Research said.
Exposure of such sensitive data can have direct and real-world consequences on people and organizations.
Multicloud usage and SaaS applications complicate cloud security
To cater to the vast data requirements of such business needs, organizations are employing multiple cloud service providers such as AWS, Microsoft Azure, and Google Cloud. To enjoy flexibility most businesses currently use at least two cloud service providers per organization, the report said.
While this approach offers options and risk distribution, it also brings complexity to cloud security.
SaaS application usage, with over 60% of businesses using more than 25 applications, also compounds security considerations.
IT professionals are clearly aware of these concerns, with 65% of those surveyed in the report describing cloud security as an urgent issue. In terms of perceiving future threats, 72% said they saw cloud security as the area with the biggest potential for future problems.
The MOAB data leak is a stark reminder of the vulnerabilities in cloud security and the need to encrypt data.
Adoption of encryption lags
Cloud computing, AI, and SaaS combined offer solid business solutions and growth opportunities for organizations. All of them use vast amounts of sensitive data that, ideally, should be fully encrypted.
However, the amount of unencrypted data remains shockingly high, the Thales report said.
Despite 47% of cloud data being classified as sensitive, less than 10% of enterprises have encrypted 80% or more of their cloud data, leaving the rest of the data vulnerable to cyberattacks.
Ironically, the use of multiple key management systems for safety purposes increases the risk of human error and makes cloud security difficult to manage.
Human factors and organizational challenges are weak links
Cloud data security needs to be incorporated at every relevant step in development processes as well as aligned with product development milestones.
Over half of respondents struggle with incorporating security into development processes and managing access for their workforce within the cloud.
The report also revealed human error as the leading cause of cloud data breaches, surpassing external threats like cybercriminals or hacktivists. Misconfigurations and human mistakes were blamed for 31% of breaches.
Through 2027, 99% of records breached in the cloud will be due to user misconfigurations and account compromises, a 2023 Gartner report said.
Challenges in these areas are reflected in the number of cloud data breaches experienced by those surveyed in the Thale report as well. The study found that 44% of respondents have experienced a cloud data breach, with 14% facing one within the past year.
While the report paints a vivid picture of the challenges organizations face in securing the cloud, it’s not all doom and gloom. In fact, the study offers several actionable points that can help organizations fortify cloud security and be better prepared for the future.
Fortifying security will boost ROI in cloud environments
Companies need to have processes in place that prioritize cloud security at every stage of growth, to reap the most benefits of their cloud infrastructure.
A complex issue like cloud security in today’s landscape requires a multilayered approach. This includes continuously adapting security solutions in step with increasing data volumes, prioritizing encryption, and sharper key management.
Also, training, auditing, and reviewing for reducing and catching human errors, as well as integrating security into DevOps processes, can help balance the benefits and security risks of multi-cloud deployments.
More on cloud security: