Cloud Security in 2024: Addressing the Shifting Landscape
Published 06/27/2024
Written by Thales.
As cloud infrastructures become integral to business operations, securing them is climbing the priority ladder for businesses in every sector. In fact, cloud security is a top concern for nearly two-thirds (65%) of security and IT management professionals now, and 72% claim it will be even more so in the future.
These figures were revealed in the fourth annual 2024 Thales Cloud Security Study, which researches the evolving trends and challenges of cloud security. With insights from 3,000 respondents spanning 18 countries and 37 industries, this year’s study provides a comprehensive look at the current state and future concerns of cloud security across a diverse range of enterprises of every size.
Multi-Cloud Complexity
The sheer complexity of enterprise cloud environments is also fueling the focus on cloud security. The demand for a host of cloud computing approaches and techniques has given rise to a diverse market, where any one organization may be served by multiple providers and deployment models—potentially all with equally diverse security needs.
The research highlighted how multi-cloud adoption remains high, though slightly reduced compared to 2023, with the average number of cloud providers per enterprise dropping from 2.26 to 2.02. This trend is consistent across various industries, including banking, financial services, and insurance.
On the other hand, SaaS adoption is on the rise, with over 60% of respondents using more than 25 SaaS applications and 30% more than 50. Securing these applications (and the data they process or store) comes with its own challenges, contributing to the complexity of managing privacy and data protection in cloud environments.
Attackers Target the Cloud
Respondents indicated that cloud resources are among the top targets for cyberattacks, followed closely by identity infrastructure. Attacks targeting cloud management infrastructure saw the greatest increase, with 72% of respondents noting a rise.
Compromising these infrastructures poses severe risks, potentially allowing adversaries to navigate cloud environments undetected and disable critical auditing or monitoring functions.
The Human Factor of Cloud Security
Identity and Access Management (IAM) is crucial in linking people with technology and policy control. People's interaction with technology introduces significant risks, and human error is a leading cause of cloud data breaches.
In fact, 44% of respondents experienced a cloud data breach, with 31% attributing the breach to misconfiguration or human error. This underscores the need for robust IAM solutions and comprehensive training to mitigate human-related risks.
Investment Trends
Investment priorities reflect the high importance of cloud, data, identity, and access security. Security for IaaS and PaaS environments tops the list with 33%, yet there is hesitation when it comes to adopting modern cloud security controls.
Traditional tools like endpoint security and workforce IAM are also favored, suggesting a reliance on familiar solutions rather than newer, cloud-native security measures. This reluctance to fully embrace modern techniques may hamper the effectiveness of cloud security strategies.
Encryption is Lagging
Despite the critical importance of data security, the adoption of encryption remains low. Less than 10% of enterprises encrypt 80% or more of their cloud data, and the number of key management systems in use further complicates the security landscape.
This lag in encryption practices brings significant risks, particularly as the volume of sensitive data in the cloud grows.
Prioritizing Proactive Security
To better secure cloud environments, enterprises should:
- Drive Security Proactivity: Implement proactive security measures to achieve better outcomes, such as ensuring compliance with security audits to reduce the likelihood of data breaches.
- Strengthen Command of New Technologies: Invest in understanding and deploying modern cloud security solutions, such as CNAPP and advanced encryption techniques.
- Foster Developer and Security Partnerships: Enhance collaboration between developers and security teams to address new threats and vulnerabilities.
- Centralize Tools for Decentralized Teams: Provide consistent security tools and controls that enable decentralized teams to manage risks effectively.
Cloud security is dynamic and complex, and as cloud adoption continues to soar, so do the associated challenges and risks. Enterprises can better secure their cloud environments and protect their valuable data by prioritizing proactive security measures, investing in modern solutions, and fostering strong team partnerships.
The evolving landscape demands a comprehensive and adaptive approach to cloud security, ensuring that companies stay ahead of emerging threats and maintain robust security postures. Download the 2024 Thales Cloud Security Study.
Related Articles:
Decoding the Volt Typhoon Attacks: In-Depth Analysis and Defense Strategies
Published: 12/17/2024
Threats in Transit: Cyberattacks Disrupting the Transportation Industry
Published: 12/17/2024
Top Threat #7 - Data Disclosure Disasters and How to Dodge Them
Published: 12/16/2024
Break Glass Account Management Best Practices
Published: 12/16/2024