Digital transformation is well underway. An estimated 50% of all business data is already stored in the cloud; while 48% of this data can be considered sensitive in nature. These figures, which were reported on Monday in a global study by Thales and IDC, paint a promising future for the enterprise cloud industry. They also seem to signal growing confidence in the technology’s security and privacy capabilities. So, regarding data security, is your cloud data secure?
Data security: number and perception
The same survey revealed that only 57% of all cloud-stored sensitive data is protected by encryption, whereas 100% of respondents admit to having at least some unencrypted sensitive data in the cloud. One could think this constitutes further proof of the enterprise’s sense of data security. In reality, the number of respondents that feel their data is vulnerable to cyberthreats (86%) has increased considerably since last year’s report (67%). Furthermore, 47% of businesses report having been breached or failed a security test in the past year.
There is thus a clear disconnect between the perceived levels of data security and the actual measures being put in place. Many decision-makers are not paying enough attention to their own danger alerts, and that is dangerous.
So — how can you tell if this happening in your organization? There are a few telltale signs.
Choosing the right multi-cloud partners
Achieving optimum levels of data protection is becoming increasingly difficult as more and more companies turn to different cloud providers to meet their various business needs. The vast majority of businesses (81%) report using more than one infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) vendor. Meanwhile, 72% of organisations state they use between 11 and 100 software-as-a-service (SaaS) applications — That’s a lot of potentially breachable data living in the cloud.
Data security: how to implement a proper strategy
These multi-cloud environments add a layer of complexity on top of the already complicated world of cybersecurity. In turn, survey respondents identify complexity as the top barrier to implementing a proper data security strategy.
To protect data integrity, organisations must leverage the appropriate set of tools across platforms and partner with those vendors offering solutions that fit within their ecosystem. Ideally, your various security tools and protocols should cover both on-premises and cloud-based data and be compatible with one another.
If that’s not the case, it might be time to review your security architecture. Putting together the right team has also become essential for multi-cloud success. Consider hiring a cloud security specialist if you haven’t done so yet.
Data vs network security
Despite 83% of organisations planning to either maintain or increase their security spending in 2020, the portion of the security budget destined to data security remains marginal at 15.5%. Comparatively, companies spend much more on network security. This seems to be due to another important disconnect — that between the major perceived security threats and the reality behind most data breaches.
While more than half of businesses are worried about cybercriminals, terrorists and corporate espionage; everyday issues that tend to pose greater challenges to data integrity are often less cause for concern. Just in the UK alone, 90% of data breaches experienced in 2019 originated from a human error. Employee communications, system misconfigurations and privileged users with access to sensitive resources are all potential risks that network security cannot mitigate.
Data security: accesses and permissions
A great focus on data security is, therefore, highly recommended. Re-examine and restrict your access protocols and permissions, encrypt greater amounts of data and make sure to store and safeguard the keys properly. Moreover, invest in data recovery and backup tools.
Also, do not rely too much on your providers to protect your data. Sure, the cloud is fundamentally a shared responsibility environment. However, there are many proactive measures that you can implement internally to safeguard this data.
Remember – if there is a breach, it will be the company’s reputation the one to take the biggest hit, not the provider’s.
The threat of emerging tech
Although most experts do not see widespread quantum computing entering the scene until 15 or 20 years from now. The security risks this emerging technology represents are already in the minds of business leaders. Around 72%% of companies believe quantum computers will start disrupting their encryption efforts within 5 years.
Quantum computations can potentially decipher most cryptographic key systems used today. However, the technology is still in its infancy, and companies shouldn’t worry too much about its security implications just yet. But, if you’d like to start future-proofing your system, there are several vendors out there already working with quantum cryptography methods.