Cloud security threats were analyzed in a recent report by Thales. The study found that more than a third (39%) of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022. In addition, human error was reported as the leading cause of cloud data breaches by over half (55%) of those surveyed.

Three quarters (75%) of businesses said that more than 40% of data stored in the cloud is classified as sensitive, compared to 49% of businesses this time last year. More than a third (38%) ranked Software as a Service (SaaS) applications as the leading target for hackers, closely followed by cloud-based storage (36%).

Despite the reported increase in sensitive data in the cloud, the study found low levels of encryption being used. A fifth (22%) of IT professionals reported that more than 60% of their sensitive data in the cloud is encrypted. According to the findings, on average, 45% of cloud data is currently encrypted.

The study also found a lack of control over encryption keys by businesses, with 14% of those surveyed stating that they controlled all of the keys to their encrypted data in their cloud environments. In addition, almost two thirds (62%) say they have five or more key management systems.

The adoption of multi-cloud continues to surge, with more than three quarters (79%) of organizations having more than one cloud provider.

Despite the expansion of cloud usage, a significant challenge remains. More than half (55%) expressed that managing data in the cloud is more complex than in on-premises environments (up from 46% compared to the previous year). Digital sovereignty is also front of mind for respondents. Eighty-three percent expressed concerns over data sovereignty, and 55% agreed that data privacy and compliance in the cloud has become more difficult.

The adoption of robust multi-factor authentication (MFA) has risen to 65%, indicating progress in fortifying access controls. Forty-one percent of organizations have implemented zero trust controls in their cloud infrastructure, and an even smaller percentage (38%) utilizes such controls within their cloud networks.

Read the full report here