Partner POV | Managing Complexity, Data Control, and Sovereignty in the Cloud

This article was written and contributed by our partner, Thales.

55% of Organizations Feel Managing and Securing Cloud Data is Becoming More Complex

Cloud computing has played a transformative role in some of the most significant technological advances of the past two years. By removing the need for organizations to buy and invest in the expensive infrastructure required for computing applications, cloud computing has enabled huge improvements in artificial intelligence (AI), the Internet of Things (IoT), and remote and hybrid working. However, as cloud adoption increases, so does its inherent risks.

The 2023 Thales Cloud Security Study, which surveyed nearly 3000 respondents across 18 countries, explores the challenges of security in the cloud which has become the de facto standard for modern digital infrastructure and services. This article highlights its key findings.

It's a multicloud world

There's no better indicator of cloud computing's popularity than the increasing prevalence of multicloud. Mutlicloud use has grown significantly, with the average organization employing 2.26 infrastructure providers, up 35% from 2021. Similarly, over three-quarters (79%) of organizations now have multiple cloud providers.

And it isn't just cloud use for infrastructure that's grown. In 2021, only 16% of respondents reported that their enterprise used 51-100 SaaS applications. By 2023, that number had risen to 22% with 97 SaaS applications being the average for today's businesses.

Cloud complexity

Unfortunately, mutlicloud adoption has brought operational complexity, making the management and security of data in the cloud more difficult. 55% of respondents in 2023 felt that managing and securing data in the cloud is becoming more complex, compared to just 46% in 2021.

The way organizations choose to store encryption keys explains this. Only 14% of respondents said they controlled all their encryption keys in their cloud environment, while nearly two-thirds said they used an astounding five or more key management systems. It's no wonder organizations are struggling to keep track of their data.

Cloud data concerns

There is, understandably, more data stored in the cloud than ever. More and more organizations are switching to cloud computing; thus, the cloud is host to more data. However, more interesting is how much more sensitive data organizations store in the cloud.

In 2021, only 49% of respondents reported that 40% of their data stored in the cloud was sensitive. By 2023, that number had risen to 75%.

However, many organizations still aren't giving cloud security the necessary attention. While organizations are encrypting more sensitive data, only 22% of respondents reported that more than 60% of their cloud data is encrypted. With only 45% of data overall encrypted, it's undeniable that organizations need to improve their cloud security.

The cloud threat landscape

The cloud threat landscape also exemplifies the need for improved cloud security. The number of organizations that experienced a breach in the past grew 4% from 2021, increasing from 35% to 39%. Even more worrying, nearly half (46%) of respondents said they had experienced a data breach in their cloud environment.

Data sovereignty challenges

While data sovereignty represents an opportunity for organizations to undergo digital transformation, it also brings significant cloud security challenges. 83% of respondents said they were "somewhat" or "very" concerned about its impacts on cloud deployments.

Moving ahead

The report findings present a challenging situation for most organizations that are cloud-first. These organizations are switching to cloud computing, using more cloud services, and storing more sensitive data in the cloud to gain operational and financial advantages and thrive in a competitive market.

However, to reap these benefits, businesses must move away from complexity and embrace simpler-to-manage data protection in the cloud. Effective and efficient cloud security should also encompass the human factor to reduce insecurities caused by human errors and misconfigurations. After all, the cloud is not "somebody else's computer." It is just an extension of your infrastructure and deserves to be treated like it.