Organizations are running headlong into multi-cloud infrastructure deployments. But with more platforms to secure, the room for operational error has grown, according to a new Thales Global Cloud Security Study. The report identified human error as the leading cause of cloud data breaches this year.
Organizations are recognizing the complexities that come with the modern cloud — over half (55%) of respondents admitted managing data in the cloud is more challenging compared to an on-premise environment, a figure up 9% from 2022, according to the study.
Plus, the average number of cloud infrastructure providers — Infrastructure as a service (IaaS) and platform as a service (PaaS) — has also increased by 35% for organizations to average 2.26 providers, according to the cloud security report. Now equipped with multiple eggs in multiple baskets, organizations must think of the new security controls and data protection models necessary for each cloud provider when expanding its multi-cloud environment.
The cause for concern around multi-cloud stems from the give and take relationship organizations have when expanding their cloud environment. While enterprises would love for it to be as simple as adding a new tool here, or tightening a protocol there, sadly it’s not that simple.
More than a third (39%) of businesses experienced a data breach in their cloud environment last year, an increase from the 35% reported in 2022, according to Thales.
“As attackers target cloud-based resources, there’s a greater need for organizations to improve their security posture. As the data indicates, that task is all the more difficult when there are more cloud providers to secure, which could be contributing to the reported increase in successful attacks," the report stated.
Out with the old: from on-prem to cloud
As orgs shift to the cloud, they’re replacing traditional on-premise functionality with software as a service (SaaS) applications — a five star treat for a community of attackers increasing its skill level in those environments.
The mean number of SaaS applications grew 41% between 2021 to 2023, according to Thales. But more than a third of organizations ranked SaaS apps as the top target for cyberattacks, hinting that current strategies for platform management is not enough to keep up with a growing threat landscape.
Organizations should dedicate “separate teams to specialize in each platform” or “expect security teams to become well-versed in multiple platforms at the same time,” according to Thales.
This strategy can alleviate security teams’ challenges in a “hostile” cloud environment — while lowering the chance of human error.
What can be done?
To combat the aforementioned challenges, a large number of respondents (65%) have adopted multi-factor authentication (MFA), suggesting that “identity and access management (IAM) has been identified as a top mitigating control for data breaches.” But this is “still not good enough,” according to Thales. Only 41% reported to have implemented zero-trust strategies, which is an area where organizations will need to have better footing to improve operational security.
A greater use of data encryption and gaining control over encryption keys is currently “underutilized in security, more so than in other technological disciplines, and is another tool to reduce the risk of human error alongside the efficiency gains it provides,” according to the study.
With more workloads and data residing in the cloud, it’s becoming harder for organizations to keep up with the security challenges in an expanded cloud environment. Organizations will need manageable data protection practices in the cloud to overcome human error-caused cloud data breaches and to prepare for a multi-cloud's growing threat plane.
Achieving security and optimizing performance are among the top skills needed for managing a multi-cloud environment, according to VMware Senior Director of Product Marketing Mark Leake, and Premkumar Balasubramanian, SVP and CTO for Digital Solutions at Hitachi Vantara.
“Once an organization crosses into two or more cloud environments, it will need to eliminate redundant processes while maintaining a baseline defense strategy that holistically protects its data through a common framework,” according to Leake and Balasubramanian. “No two clouds are the same as no two organizations are the same. It’s critical for an enterprise to optimize the cloud environments it has across the entire organization to find the best option for each use case.”