Few businesses encrypt sensitive data stored in the cloud - report
While almost many organizations have experienced cloud-based data breaches over the last 12 months, the vast majority of them fail to encrypt sensitive data on the cloud.
A staggering 83% of businesses fail to encrypt at least half of the sensitive data stored on the cloud, a recent report by Thales and 451 Research shows. That's troublesome news, given the same report indicates at least 40% of businesses were breached over the last year.
The report's authors interviewed 2,600 business executives in 16 countries to find out that a tad over a fifth of the respondent's store all of their sensitive data in the cloud. Yet, only a third employ multi-factor authentication (MFA) to protect their data.
The report shows that only 17% of the respondents encrypt most of the stored data, with only 15% of businesses using a multi-cloud solution encrypting the data.
Even businesses that use encryption to strengthen their cybersecurity resilience don't take full responsibility for their actions. 34% of respondents leave the control keys to service providers rather than retaining control themselves.
Worryingly, 48% of respondents claim not to use zero-trust strategy, and a further 25% claim they aren't considering starting doing so.
"As data privacy and sovereignty regulations grow, it will be paramount that organizations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data," Fernando Montenegro, Principal research analyst, Information security at 451 Research said.
The report shows that the increasing complexity of cloud services is becoming a concern. 46% of respondents claim that managing privacy and data protection in the cloud is more complex than on-premises solutions.
Over half of businesses prefer the 'lift & shift' approach to cloud adoption over re-architecting. That might spell trouble for later as the very same approach usually means companies are cutting corners on security.
Copy and pasting on-prem architectures can lead to copying the same vulnerabilities to the cloud, opening the door to threat actors willing to victimize businesses.
"As data privacy and sovereignty regulations grow, it will be paramount that organizations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data."-Fernando Montenegro
"Organisations across the world are struggling to navigate the increased complexity that comes with greater adoption of cloud-based solutions. A robust security strategy is essential to ensuring data and business operations remain secure," Sebastien Cano, Senior VP for cloud protection and licensing activities at Thales, said.
Many companies have experienced cloud data breaches in the last 18 months, with 43% suffering from ten cloud-based intrusion attempts. Given that over 90% of organizations house at least part of their digital assets in the cloud, that's a big problem.
Even brands like Azure can succumb to critical vulnerabilities. Recently, researchers at Palo Alto found that the Azure containers used code that had not been updated to patch a known vulnerability, allowing the researchers to get complete control of other users' data.
With reports showing that rapid transition to the cloud will push 90% of businesses to cloud-native architectures in the next several years, security holes can lead to heavy losses.
More from CyberNews
Subscribe to our newsletter