Cloud 101CircleEventsBlog
The CCSK v5 and Security Guidance v5 are now available!

Cloud First, Security Second?

Cloud First, Security Second?

Blog Article Published: 11/22/2022

Originally published by Thales.

Written by Chad Couser, Director, Marketing Communications, Thales.

Cloud solutions were a lifesaver for organizations during the height of the COVID-19 pandemic as employees worked remotely or went hybrid and businesses pivoted their technology strategies to keep operations going. The acceleration of cloud transformation within organizations has continued since and shows no signs of abating. However, this rapid and systemic transformation is creating significant security challenges that are causing organizations to rethink their security strategies across all levels of operations.

The recently released 2022 Thales Cloud Security Study, conducted by 451 Research, part of S&P Global Market Intelligence, offers some key takeaways and insights into both the security challenges and complexities of operating in the cloud, especially multi-cloud environments. The report, based on a survey of almost 2,800 respondents from 17 countries, touches on the key security challenges associated with multi-cloud adoption, including an increase in the sentiment that cloud security is more complex, with 51% of respondents agreeing that managing privacy and data protection in a multi-cloud or hybrid environment is more complex than on-premises.

Multi-cloud Adoption Challenges and Complexities

More organizations are adopting multi-cloud environments as they navigate their digital transformation and access and store more data than ever in the cloud. For example, the study highlights that survey respondents report significant expansion in the use of multiple infrastructure-as-a-service (IaaS) providers, as the percentage of organizations using multiple IaaS providers increased from 51% in 2021 to 72% in 2022. The report also highlights the complexity involved in overcoming security challenges as organizations chart their path to multi-cloud. Some of the challenges are the direct result of using a variety of venues, for example, on-premises, datacenter, private cloud, external cloud providers, and cloud security tool sprawl.

Adding to these challenges is the complexity of storing sensitive data across multi-cloud environments and the associated data classification issues. Storing data in the cloud can increase the risk of cloud-related attacks. In fact, 45% of respondents said they experienced a data breach involving data that resides in the cloud, which is an increase from the 35% in 2021.

66% of respondents indicated that up to 60% of their sensitive data is stored in the cloud, but only 19% of respondents said they know where all of their data is stored. Only 25% of respondents said they could fully classify their data. The report highlights that these low percentages are likely due to the complexity of multi-cloud environments where data storage spans across cloud providers, on-premises infrastructure, applications, and teams.

Modern Authentication in the Cloud

Securing data in a multi-cloud architecture requires strong approach to identity and access management, especially modern authentication that can address the security for organizations with diverse worker profiles like factory floor employees and white collar employees. Results varied in response to the question of what percentage of employees use modern authentication for cloud access and software-as-a-service (SaaS) applications, but only 21% of organizations are applying modern authentication for 60% or more of their employees. The results suggest that while survey respondents may see the value of modern authentication, widespread adoption does not exist yet.

Encryption and Key Management in the Cloud

Properly implemented encryption mitigates the risk of exposing an organization’s sensitive data. Respondents reported using cloud provider platforms and their own platforms when asked how enterprises manage encryption in IaaS and platform-as-a-service environments. The survey response shows that 39% said more than half of their applications use cloud provider encryption, and only 13% bring their own encryption exclusively. When an organization implements a strong bring-your-own-encryption (BYOE) solution, it mitigates the risks associated with potential data exposure to third parties and helps decrease the complexity of managing encryption across multiple clouds. BYOE provides higher confidence that the organization’s data is secure and that they are complying with relevant laws and regulations.

The survey responses indicate that only 15% of respondents reported having complete control of encryption keys, which is a slight increase from last year’s findings. When asked who controls their encryption keys, survey results showed that customers controlled their keys in some cases, and in other cases, cloud providers controlled the keys. As mentioned in the report, the findings suggest that there may be an opportunity for organizations to consolidate and centralize on independent third-party platforms with bring your own key (BYOK) capabilities that reduce complexity and provide coverage across multi-cloud environments.


While the cloud has helped many organizations succeed and, in some cases, thrive as they adjusted to the pandemic, it has only brought the issue of security to the front even faster. To learn more about the security challenges and complexities of managing and running operations in the cloud, you can read the full 2022 Thales Cloud Security Study now.

Share this content on your favorite social network today!