Businesses across the globe are accelerating the shift to the cloud in a modern digital world where infrastructure has to be more agile, capable and distributed to support customers and hybrid workforces that are accessing data from anywhere.
This shift is driving dramatic increases in multicloud adoption to expand ecosystems of partners and to enable effective and efficient remote work. Along with this shift, security challenges have changed and increased and are top of mind for IT teams and security professionals. In Thales' report we can read about findings from a global survey of almost 2,800 respondents, spread across 17 countries and a broad range of industries, organization sizes and job functions. As more data is stored across multiple cloud providers, surveyed companies continue to report issues with cloud data breaches and failed audits.
Multicloud Adoption Is Growing
The journey to the cloud is becoming more complex. For IaaS and PaaS, customers said they’re doing a mix of lift-and-shift, repurchase-and-shift, and rearchitecting when migrating applications to the cloud. That mix is changing, with the percentage intending to lift-and-shift, the simplest of migration tactics, dropping from 55% to 24% this year. That could indicate that organizations are moving complex applications to the cloud, which requires complex operational support.
Source: Research’s 2022 Cloud Security custom survey
Multicloud Complexity Creates Security Challenges
Most organizations in the research are using a mix of venues – on-premises, data center, private cloud, etc. – in addition to external cloud providers. Respondents mentioned encryption, key management, hardware security modules, zero trust network access, single sign-on, a virtual private network and multi-factor authentication as key systems for securing access to data in the cloud.
Sensitive Data in Cloud
Data storage and classification are major concerns. Enterprises are storing some sensitive data in cloud providers, but not exclusively. Most respondents (66%) store 21-60% of their sensitive data in the cloud. Only 22% store more than half (61-100%) of their data in the cloud. This suggests that many enterprises still store a significant amount of sensitive data outside of cloud environments, likely on-premises or in privately hosted infrastructure.
Only
of respondents said they know where all of their data is stored.
Security Teams Drive Policy and Standards
Security teams play a major role in deciding and enforcing policies and standards. Eightyfour percent of respondents said security teams define policy. That encompasses 37% who indicated that security teams manage both policy and standards, and 48% who said that security teams set policy but that setting and enforcing technical standards is left to cloud delivery teams. Only 16% said they leave policies, standards and enforcement to cloud delivery teams. To increase efficiency, organizations need to establish guidelines for consumers of cloud infrastructure that will allow them to build secure environments without direct intervention from security teams.
Multicloud adoption is soaring, and organizations not only have to expect this to be the normal operating mode, but they also need to be ready for expansion. They must plan accordingly since the complexity of managing multicloud environments creates security challenges.