Multi-cloud environments bring new security threats

Over half of Australian businesses (53%) are finding it harder to manage privacy and data protection in the cloud rather than on-premises, a new report from Thales suggests.

The company’s annual Cloud Security Report found that over the past 12 months, over a third of Australian businesses (36%) experienced a cloud-based data breach or failed audit, and 40% admitted to issuing a breach notification to a government agency, customer, partner or employees.

Despite the increased risk, cloud adoption — and multi-cloud adoption in particular — is continuing to rise, the report suggests. In Australia, 22% of businesses now use over 50 software as a service (SaaS) applications, while 10% use over 100.

Multi-cloud environments bring additional security complications, the report found. When it comes to securing data in multi-cloud environments, Australian IT professionals view encryption as a critical security control. Other key security technologies cited by respondents include multi-factor authentication and key management.

Yet the results also suggest that only around 13% of businesses encrypt more than 80% of their data in the cloud, while 23% give cloud providers full control of their encryption keys.

Thales Cloud Security ANZ Director Brian Grant said the findings should be a wake-up call to companies pursuing an expanded multi-cloud strategy.

“In the wake of the pandemic, business leaders reacted with quick, bold decision-making and jumped straight into cloud-delivered digital services. For many, this surge towards a ‘cloud-first’ approach meant security and safety became afterthoughts, and there’s no point being the fastest car on the racetrack if you crash on the first corner,” he said.

“For all its benefits, cloud computing has layered on considerable complexity, which has always been the enemy of good security. The challenge of managing multi-cloud environments cannot be overstated, so to operate safely, retaining control over who, what, when and where data is visible must become an executive mandate within every organisation.”

Image credit: ©stock.adobe.com/au/alice_photo