Report finds cloud more complex to manage than on-prem

Report finds cloud more complex to manage than on-prem

Thales report reveals Australian businesses find cloud privacy and data protection more complex to manage than on-prem.

A report from Thales reveals Australian businesses find cloud privacy and data protection more complex to manage than on-prem.  

Over half of Australian businesses (53%) believe cloud privacy and data protection is more challenging to manage than on-premises. Yet, according to the 2022 Thales Cloud Security Report conducted by 451 Research, part of S&P Global Market Intelligence, increasingly complex cloud environments are on the rise.

Brian Grant, ANZ Director, Thales Cloud Security

Globally, cloud adoption and notably multi-cloud adoption, continues to rise. There has been an expansion in the use of multiple IaaS providers, with almost three-quarters (72%) of businesses using multiple IaaS providers, up from 57% the year before. The use of multiple providers has almost doubled in the last year, with one in five (20%) respondents using three or more providers.  

In Australia, a fifth (22%) of businesses now use over 50 Software-as-a-Service (SaaS) applications, while one in 10 (10%) uses over 100. However, despite rapid growth in the prevalence and use of cloud services among businesses, research indicates many are still navigating how to protect the complicated environments they have created.

Security challenges of multi-cloud complexity

With increasing complexity comes an even greater need for robust cybersecurity, yet in the past 12 months, over a third of Australian businesses (36%) experienced a cloud-based data breach or failed audit. 

When asked what percentage of their sensitive data is stored in the cloud, almost three quarters (73%) said between 21% to 60%. However, only a quarter (23%) said they could fully classify all data. Furthermore, 16% say their employees still use nothing other than passwords to access data stored in cloud or SaaS applications. 

Four in 10 (40%) respondents admitted issuing a breach notification to a government agency, customer, partner or employees, which should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries. 

Cyberattacks also present an on-going risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with almost half (45%) citing an increase in ransomware, 43% in malware and 40% in phishing/whaling. 

Protecting sensitive data 

When it comes to securing data in multi-cloud environments, Australian IT professionals view encryption as a critical security control. Most respondents cited encryption (60%), multi-factor authentication (51%) and key management (47%) as the security technologies they currently use to protect sensitive data in the cloud. However, when asked what percentage of their data in the cloud is encrypted, only one in 10 (13%) of respondents said between 81-100%.

Key management platform sprawl may also be a growing issue for many enterprises with half (50%) using between five to 10 platforms compared to just one in 10 (11%) using one to two platforms. In addition, a quarter of respondents (23%) admit to giving cloud providers full control of their encryption keys while 56% have handed over at least half of their encryption keys.

Positive cloud security signs 

It is, however, encouraging to see Australian enterprises embracing and investing in Zero Trust. Nearly a quarter of respondents (24%) said they are already executing a Zero Trust strategy, and 16% said they are evaluating one. This is a positive result, but there is certainly still room to grow as 33% still have no strategy. 

Brian Grant, ANZ Director at Thales Cloud Security, said: “In the wake of the pandemic, business leaders reacted with quick, bold decision-making and jumped straight into cloud delivered digital services. For many, this surge towards a ‘cloud-first’ approach meant security and safety became afterthoughts, and there’s no point being the fastest car on the racetrack if you crash on the first corner. 

“For all its benefits, cloud computing has layered on considerable complexity, which has always been the enemy of good security. The challenge of managing multi-cloud environments cannot be overstated, so to operate safely, retaining control over who, what, when and where data is visible must become an executive mandate within every organization.” 

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive