The 2021 Thales Global Cloud Security Study is out, offering at digital security practices in the enterprise. As such, it’s the latest report to illustrate the many vulnerabilities of too many organizations.
The report, conducted by S&P Global Market Intelligence’s 451 Research, is based on surveys of over 2,600 executives spanning 16 countries and a range of industries including retail, tech, financial services, and the government sector. Surveys were conducted through January and February of this year.
The study found that fully 40 percent of the organizations surveyed had experienced a cloud-based data breach in the previous 12 months. To make matters worse, 21 percent of the executives surveyed said their organizations host most of their sensitive data in the cloud.
Despite the obvious security risks, 83 percent of businesses were found to be failing to encrypt half of the sensitive data stored in remote servers, and of those organizations that were encrypting their data, 34 percent left control of the keys to their service providers.
As for authentication policies, 48 percent of respondents said that their organization does not employ a Zero Trust strategy, and a quarter said they were not considering doing so.
They should think again, suggest comments from 451 Research principal analyst Fernando Montenegro.
“Protecting customer data is always the priority, and organizations should strongly consider reviewing their strategies and approaches to proactively protect data in cloud,” he said. “This includes understanding the role of specific technologies including encryption and key management, as well as the shared responsibilities between providers and their customers. As data privacy and sovereignty regulations grow, it will be paramount that organizations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data.”
That having been said, the study did uncover a couple of bright spots in the overall trends. Forty-six percent of respondents acknowledged that managing privacy and data protection in cloud environments is more complex than doing so for on-premises configurations, suggesting an awareness of need to do so. Better still, 33 percent cited multi-factor authentication as a key component of their cybersecurity strategy.
With a third of businesses seeming to recognize the benefits of MFA security, that suggests that passwords – which are far more vulnerable to cyberthreats – are fading away.