Thales has announced the release of the 2024 Thales Cloud Security Study, its annual assessment on the latest cloud security threats, trends and emerging risks based on a survey of nearly 3000 IT and security professionals across 18 countries in 37 industries.
As the use of the cloud continues to be strategically vital to many organisations, cloud resources have become the biggest targets for cyber-attacks, with Cloud Storage (30%), SaaS applications (30%), and Cloud Management Infrastructure (28%) cited as the leading categories of attack in India. As a result, protecting cloud environments has risen as the top security priority ahead of all other security disciplines.
This comes as organisations continue to experience cloud data breaches. In India, thirty-seven percent of organisations have experienced a cloud data breach with 14% reported having an incident in the last 12 months. Human error and misconfiguration continued to lead the top root cause of these breaches (34%), followed by exploiting previously unknown vulnerabilities (32%), exploiting known vulnerabilities (21%) and failure to use Multi-Factor Authentication (11%).
Globally, growing cloud usage across enterprises has seen an accompanying growth in the potential attack surface for threat actors, with 66% of organisations using more than 25 SaaS applications and nearly half (47%) of corporate data being sensitive Despite the increased risks to sensitive data in the cloud, the data encryption rates remain low, with less than 9% of enterprises encrypting 80% or more of their sensitive cloud data.
Ashish Saraf, VP and Country Director, Thales in India commented “The scalability and flexibility that the cloud offers are highly compelling for organisations, so it’s no surprise it is central to their security strategies. However, as the cloud attack surface expands, organisations in India must get a firm grasp on the data they have stored in the cloud, the keys they’re using to encrypt it, and the ability to have complete visibility into who is accessing the data and how it being used. With India continuously progressing in the field of digital technology and data sovereignty and privacy emerging as top concerns in this year’s research, it is vital to solve these challenges of cloud security now to ensure a secured and trusted future for all.”
As organisations gain more experience in using cloud computing, many have modernised their investments to meet new security challenges. For organisations that prioritised digital sovereignty as an emerging security concern, refactoring applications to logically separate, secure, store, and process cloud data was the top way they would attain or achieve sovereignty initiatives ahead of other measures such as repatriating workloads back to on-premises or in-territory. Future-proofing cloud environments (35%) was the number one driver behind digital sovereignty initiatives in India, while adhering to global privacy framework came in at a distant second at 20%.