Cloud attacks rise but most sensitive data remains unencrypted

Despite a continuous rise in cloud-based security threats and breaches, as businesses continue to move their data and applications to the cloud, most of the sensitive data in organisations’ cloud environments remain unencrypted, according to a new report, published on Wednesday by technology firm Thales.

The report said that globally just 45% of sensitive data stored in the cloud is currently encrypted, despite 39% of respondents having experienced a data breach in their cloud environment in the last twelve months, up 9% from the previous year.

The India figures are also alarming as only 19% of IT professionals in India (22% globally) reported that more than 60% of their sensitive data in the cloud is encrypted.

Cloud encryption, the process of encoding and transforming data before transferring it to the cloud, is essential as it ensures that even if the data is lost, stolen or mistakenly shared, the contents are virtually useless without the encryption key that are only made available to authorised users.

The study also found a lack of control over encryption keys by businesses, with only 16% of those surveyed in India and 14% globally stated that they controlled all of the keys to their encrypted data in their cloud environments. In addition, almost two thirds (62%) of respondents globally say they have five or more key management systems – creating increased complexity when securing sensitive data.

“Considering the rising cyber threats in India and globally, treating cloud environments as an extension of existing infrastructure while maintaining exclusive control and security of data, especially sensitive data, is key to cloud security,” Ashish Saraf, VP & Country Director – India, Thales, said.

According to him, encryption keys allow organisations to leverage the scalability, cost efficiency, and accessibility benefits of the cloud while ensuring the utmost integrity and confidentiality of their valuable information.

“This becomes more critical for Indian organisations as 68% of respondents in India reported over 40% of their cloud data as sensitive,” he said.

Another research report released in March this year by 451 Research, points to budgetary challenges and a lack of proper automation tools are the key issues facing cloud security. Additionally, firms often struggle to find the right full-time employees or contractors to meet their needs and, even when they can find them, often fail to meet salary expectations.

The researchers observed that a shortage of cloud security talent often leads many enterprises to hire less-than-qualified candidates for the jobs. Moreover, as most enterprise IT leaders can’t scale their defenses as quickly as attackers, and are ill prepared to handle the new challenges, the report said.

For example, earlier this week, cybersecurity solutions company Fortinet said in a report that nearly half of the technology leaders (48%) indicated a lack of integration between the zero-trust solutions deployed on-premises and in the cloud is creating significant challenges. The zero-trust framework operates on the assumption that all devices and users, even those within the network perimeter, are already compromised. 

Further, Gartner also highlighted that a lack of relevant skills is one of the biggest barriers to cloud and cyber security initiatives. The research firm said that as more businesses migrate to cloud-based infrastructure and services, CIO/CISOs will not succeed unless they prioritise organic skills growth in such critical areas.