Thales Blog

Organizations Struggle with Cloud Security in the Post Digital Transformation Era – Highlights from our 2020 Data Threat Report-Global Edition

February 24, 2020

Tina Stewart Tina Stewart | VP, Global Market Strategy More About This Author >

2020 marks the launch of the Thales Data Threat Report-Global Edition for the seventh consecutive year. This year the report focuses on the post digital transformation era. In previous years, we have discussed the efforts of businesses to digitally transform their processes to maintain or gain a competitive advantage and many of these transformative technologies involves moving to the cloud.

The 2020 Thales Data Threat Report-Global Edition indicates that we have reached a tipping point. Today, half (50%) of all corporate data is stored in the cloud and nearly half (48%) of that data is considered sensitive (everything from intellectual property to employee, financial or personal data). Whatever the nature of the data stored in the cloud, it needs to be secured.

As more sensitive data is stored in cloud environments, data security and privacy risks increase. Regulations such as GDPR or the California Consumer Privacy Act (CCPA) mandate the use of appropriate protection technologies, such as encryption, and policies to minimize the risk of exposing this sensitive data to threats.

Sage advice: encrypt everything

Beyond alleviating cloud concerns, encryption was identified as the top tool to drive the use of other digitally transformative technologies like, big data, IoT and containers, according to the 2020 Thales Data Threat Report-Global Edition.

Yet, despite their significance, rates of data encryption and tokenization are low. In fact, all survey respondents said at least some of their sensitive data stored in the cloud is not encrypted. Only 57% of sensitive data stored in cloud environments is protected by encryption and less than half – 48% – is protected by tokenization.

We are living in a multi-cloud world

Nearly 40% of survey respondents rate complexity as their top perceived barrier to implementing data security. This is in part due to securing data in the cloud, as the majority of the respondents claimed they have multi-cloud environments. The organizations surveyed are using multiple IaaS and PaaS environments, as well as hundreds of SaaS applications.

Besides complexity, data security in the cloud faces two more challenges – one cultural and one technological. Despite the pervasive and expanding threats to data security, enterprises feel less vulnerable in 2019 than they did in 2018. This low level of perceived vulnerability does not reflect reality and is not supported by reported data security best practices or investments. What’s interesting is that organizations haven’t significantly changed their behaviors by using tools that would actually make them less vulnerable.

Companies need to take a multi-layered approach to data protection by embracing a shared cloud security strategy and adopting a zero trust model that authenticates and validates users and devices accessing applications and networks. In addition, employing more robust data discovery, hardening, data loss prevention, and encryption solutions is highly encouraged. This is all recommended to help guard against data breaches and/or failing a compliance audit—both of which come with potentially serious financial impact and reputational damage attached. In fact, 47% of organizations surveyed reported that they have been breached or failed a compliance audit in the past year.

A look ahead—quantum computing

Advances in quantum computing will only make keeping data secure more difficult. The news last year was flooded with announcements from IBM, AWS and we heard from Google about achieving “quantum supremacy”. Quantum computing will render everything we know about cryptography obsolete. It’s impact is imminent and 72% of the survey respondents see it affecting their cryptographic operations in the next five years.

The coming year will bring new and increasingly complex challenges when it comes to data protection for organizations around the globe. Businesses will need smarter, better ways to approach data security. Encrypt everything, embrace a zero-trust model and implement a strong multi-cloud key management strategy and you’ll be off to a good start.

For more key findings, please download a copy of the 2020 Thales Data Threat Report-Global Edition and attend our upcoming webinar, “The Global State of Data Security: Zero Trust in a Multi-Cloud World”, on Thursday, March 5 at 11:00 a.m. ET.

If attending RSA Conference 2020 this week, be sure to stop by our booth #N5445 to speak to one of our experts.