Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Join the new DPE Working Group & participate in the kickoff call on July 10th at 12 PM PT!

Cloud Security in 2024: Addressing the Shifting Landscape

Home
Industry Insights
Cloud Security in 2024: Addressing the Shifting Landscape

Blog Article Published: 06/27/2024

Written by Thales.

As cloud infrastructures become integral to business operations, securing them is climbing the priority ladder for businesses in every sector. In fact, cloud security is a top concern for nearly two-thirds (65%) of security and IT management professionals now, and 72% claim it will be even more so in the future.

These figures were revealed in the fourth annual 2024 Thales Cloud Security Study, which researches the evolving trends and challenges of cloud security. With insights from 3,000 respondents spanning 18 countries and 37 industries, this year’s study provides a comprehensive look at the current state and future concerns of cloud security across a diverse range of enterprises of every size.


Multi-Cloud Complexity

The sheer complexity of enterprise cloud environments is also fueling the focus on cloud security. The demand for a host of cloud computing approaches and techniques has given rise to a diverse market, where any one organization may be served by multiple providers and deployment models—potentially all with equally diverse security needs.

The research highlighted how multi-cloud adoption remains high, though slightly reduced compared to 2023, with the average number of cloud providers per enterprise dropping from 2.26 to 2.02. This trend is consistent across various industries, including banking, financial services, and insurance.

On the other hand, SaaS adoption is on the rise, with over 60% of respondents using more than 25 SaaS applications and 30% more than 50. Securing these applications (and the data they process or store) comes with its own challenges, contributing to the complexity of managing privacy and data protection in cloud environments.


Attackers Target the Cloud

Respondents indicated that cloud resources are among the top targets for cyberattacks, followed closely by identity infrastructure. Attacks targeting cloud management infrastructure saw the greatest increase, with 72% of respondents noting a rise.

Compromising these infrastructures poses severe risks, potentially allowing adversaries to navigate cloud environments undetected and disable critical auditing or monitoring functions.


The Human Factor of Cloud Security

Identity and Access Management (IAM) is crucial in linking people with technology and policy control. People's interaction with technology introduces significant risks, and human error is a leading cause of cloud data breaches.

In fact, 44% of respondents experienced a cloud data breach, with 31% attributing the breach to misconfiguration or human error. This underscores the need for robust IAM solutions and comprehensive training to mitigate human-related risks.


Investment Trends

Investment priorities reflect the high importance of cloud, data, identity, and access security. Security for IaaS and PaaS environments tops the list with 33%, yet there is hesitation when it comes to adopting modern cloud security controls.

Traditional tools like endpoint security and workforce IAM are also favored, suggesting a reliance on familiar solutions rather than newer, cloud-native security measures. This reluctance to fully embrace modern techniques may hamper the effectiveness of cloud security strategies.


Encryption is Lagging

Despite the critical importance of data security, the adoption of encryption remains low. Less than 10% of enterprises encrypt 80% or more of their cloud data, and the number of key management systems in use further complicates the security landscape.

This lag in encryption practices brings significant risks, particularly as the volume of sensitive data in the cloud grows.


Prioritizing Proactive Security

To better secure cloud environments, enterprises should:

  1. Drive Security Proactivity: Implement proactive security measures to achieve better outcomes, such as ensuring compliance with security audits to reduce the likelihood of data breaches.
  2. Strengthen Command of New Technologies: Invest in understanding and deploying modern cloud security solutions, such as CNAPP and advanced encryption techniques.
  3. Foster Developer and Security Partnerships: Enhance collaboration between developers and security teams to address new threats and vulnerabilities.
  4. Centralize Tools for Decentralized Teams: Provide consistent security tools and controls that enable decentralized teams to manage risks effectively.

Cloud security is dynamic and complex, and as cloud adoption continues to soar, so do the associated challenges and risks. Enterprises can better secure their cloud environments and protect their valuable data by prioritizing proactive security measures, investing in modern solutions, and fostering strong team partnerships.

The evolving landscape demands a comprehensive and adaptive approach to cloud security, ensuring that companies stay ahead of emerging threats and maintain robust security postures. Download the 2024 Thales Cloud Security Study.

Cloud Key ManagementData SecurityIdentity and Access Management

Share this content on your favorite social network today!

Core Cloud
Related Resources
Top Threats to Cloud Computing
The eleven salient threats, risks, and vulnerabilities in the cloud.
Certificate of Cloud Security Knowledge (CCSK)
The industry's standard cloud security credential.
Corporate Membership
Gain knowledge and connections in the cloud industry.
Latest from CSA
Missed the Virtual Cloud Trust Summit?
Pre-Sale: Save on the CCSK v5 Exam!
Register for SECtember.ai
Trending This Week
#1 Discover CCSK v5: The New Standard in Cloud Security Expertise
#2 Managing Cloud Misconfiguration Risks
#3 What is a Security Token Offering (STO)?
#4 Generative AI Proposed Shared Responsibility Model
#5 Tips for Managing Shadow IT
Level up with Cloud Infrastructure Security Training
Related Articles:
AI Data Considerations and How ISO 42001—and ISO 9001—Can Help

Published: 06/28/2024

Dumping a Database with an AI Chatbot

Published: 06/27/2024

9 Best Practices for Preventing Credential Stuffing Attacks

Published: 06/26/2024

Building Security Around Human Vulnerabilities

Published: 06/25/2024