Aussie, Kiwi businesses failing to secure their cloud data

The 2021 Thales Global Cloud Security Study, commissioned by Thales, has revealed that 51% and 43% of Australian and New Zealand organisations respectively have experienced a cloud-based data breach in the past 12 months. Despite the increasing number of cyber attacks targeting data in the cloud, 92% of Australian and 75% of New Zealand businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cybercriminals can have. Cloud adoption is on the rise and businesses are continuing to diversify the way they use cloud solutions. Globally, while 57% of respondents reported they make use of two or more cloud infrastructure providers, in the Asia Pacific region, this figure was 58%.

In ANZ, 20% of Australian and 22% of New Zealand organisations reported that the majority of their workloads and data reside in the cloud. This accelerated cloud adoption marks a significant shift in the use of cloud-based solutions, from being purely data storage solutions to environments in which data is used transactionally and supports day-to-day business operations. According to the study, 26% of Australian and New Zealand businesses respectively state that the majority of the data stored in the cloud is sensitive, while 51% of Australian respondents and 43% of New Zealand respondents reported a breach in the last year.

The report identified common trends about where companies turn when considering how to secure their cloud infrastructure. Australian businesses turn to encryption (74%) followed by tokenisation/data masking (69%), key management (60%) and multi-factor authentication technologies (47%) as their top four technologies to protect their sensitive data in the cloud, while the top three security technologies used by New Zealand business include key management (69%), encryption (59%) and MFA (53%). However, only 8% of Australian businesses have encrypted more than half of the sensitive data they store in the cloud, while 26% of New Zealand businesses encrypted more than half of the sensitive data they stored in the cloud.

Even where businesses protect their data with encryption, 33% of Australian organisations and 28% of New Zealand organisations mostly leave the control of keys to service providers, rather than retaining control themselves. Where large numbers of organisations fail to protect their data sufficiently with encryption, limiting potential access points becomes even more critical. However, 66% of business leaders in Australia and 75% in New Zealand admitted that their organisation does not have a Zero Trust strategy, while 21% of Australian respondents and 28% of New Zealand respondents said they aren’t considering one.

The study found that businesses share common concerns about the increasing complexity of cloud services. In Australia, 62% of respondents claimed managing privacy and data protection in the cloud is more complex than on-premise solutions, while this was slightly lower in New Zealand at 53%. Brian Grant, ANZ Director at Thales, noted that organisations in Australia and New Zealand, like their counterparts across the globe, are struggling to navigate the complexity that comes with greater adoption of cloud-based solutions.

“It’s no longer ‘if’ a cyber breach occurs but ‘when’. A robust security strategy is essential to ensuring data and business operations remain secure. With nearly every business reliant on the cloud to some extent, it is vital that security teams have the ability to discover, protect and maintain control of their data,” Grant said.

Fernando Montenegro, Principal Research Analyst at 451 Research, added that protecting customer data is always the priority and organisations should strongly consider reviewing their strategies and approaches to proactively protect data in the cloud. “This includes understanding the role of specific technologies including encryption and key management, as well as the shared responsibilities between providers and their customers. As data privacy and sovereignty regulations grow, it will be paramount that organisations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data,” Montenegro said.

The study was commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence. The study included the viewpoints from more than 2600 executives with responsibility for or influence over IT and data security. The respondents were from 16 countries, including Australia, New Zealand, the United Kingdom and the United States.

Image credit: ©stock.adobe.com/au/phonlamaiphoto