Dive Brief:
- Cloud security is a top priority for organizations around the world, Thales found in a study released Tuesday. The report is based on a survey of 3,000 IT and security professionals from 18 different countries.
- More than 2 in 5 respondents said they have had their cloud environments breached in the past, with 14% of respondents reporting a breach in the past year.
- For nearly one-third of incidents, human error and misconfiguration are to blame. Respondents also cited the exploitation of known vulnerabilities in 28% of breaches and failure to use multifactor authentication in 17%.
Dive Insight:
Thales research comes at a time when cloud security is under heightened scrutiny.
Leading cloud providers, such as Microsoft and others, have been targeted by sophisticated threat groups targeting companies, government agencies and other organizations that store data in the cloud.
A wave of attacks have impacted at least 100 Snowflake customer environments, with those incidents linked to failure to use MFA.
“The cloud is not inherently more secure than on prem,” Todd Moore, VP of data security products at Thales, said via email. “Security is determined entirely by the measures put in place to identify and protect the data within the cloud, and this responsibility lies between providers and users.”
As cloud use becomes more prevalent, companies are finding the attack surface — and the complexity of the network environment — are becoming more complicated.
Application sprawl is partially to blame. The Thales study found two-thirds of organizations say they use 25 or more SaaS applications. And nearly half of data in the cloud is considered sensitive.
Despite the high level of sensitivity, only 10% of organizations say they have encrypted 80% of their data.