When Microsoft boss Satya Nadella remarked that we had seen a few years’ worth of digital transformation in a few months, he was undoubtedly referring to the cloud.
Indeed, the revenue generated by the cloud businesses of Microsoft, Amazon, and Google rose by around a third between the final quarter of 2019 and the second quarter of 2021.
Such growth is not confined to the big beasts of the sector either, with the likes of Okta, Twilio, and Snowflake all surging in value during a pandemic in which so much of our lives has moved online.
It should perhaps come as little surprise, therefore, that Thales’ recent Global Cloud Security report found a similar surge in cloud-related cyberattacks, with 40% of organizations experiencing some form of a cloud-based data breach during the past year.
“The COVID-19 pandemic has accelerated what has been a long-term broad adoption of cloud environments, including multi-cloud and hybrid deployments,” the report says. “The benefits of cloud come with significant new security challenges for organizations.”
Exposed data
The researchers surveyed over 2,600 security professionals to try and understand the security implications of the huge shift towards cloud-based platforms during the pandemic.
The analysis found that nearly 60% of respondents said they were currently using at least two cloud infrastructure providers, with around a quarter saying that the majority of their data and workload is now conducted in the cloud.
It’s a picture ably reflected in a recent analysis by McKinsey, which echoed Nadella’s comments from the start of the pandemic and found that companies across the world had typically accelerated their adoption of cloud-based technologies by around three years. This transition also reflected a change in the way companies are using the cloud, from the primary data storage applications of pre-Covid times to much more holistic support for day-to-day business operations that we’re seeing today.
“For those looking into cloud adoption, the pandemic merely accelerated what has been a long-term broad adoption of cloud environments, including multi-cloud and hybrid deployments,” the authors explain. “There are numerous benefits to this adoption: faster time to value and time to market, as well as the ability to experiment and quickly leverage elasticity and resiliency.”
Security implications
This transformation has significant security implications, however, with 21% of respondents saying that they’re hosting commercially sensitive information in the cloud. This is important as 40% also said that they had suffered a data breach in the past 12 months.
To try and hedge this risk, organizations are deploying a range of tactics, with multi-factor authentication the most popular. The effective use of encryption was far less common, however, with just 17% of respondents saying that they’re using this to try and keep sensitive data secure. This figure fell even lower among those organizations that were utilizing a multi-cloud approach.
What’s more, even when encryption was used by organizations to protect their data, over a third would leave control of the encryption keys with their service provider rather than retain control themselves. The authors argue that among those organizations not using encryptions, access control is even more important, yet around half of the respondents said they were not using any kind of Zero Trust policy, with a quarter not even considering one.
Growing complexity
Securing one’s IT systems has been made that much harder by the growing complexity of cloud services in the marketplace. For instance, nearly half of respondents said that managing their data protection and privacy in the cloud was significantly more complex than doing so on-premise.
This is perhaps one reason why hybrid models remain popular in many organizations, with just over half of companies saying that their ideal approach is to “lift and shift” particular applications to the cloud rather than a complete re-architecting of their entire IT infrastructure.
This situation is often compounded by a lack of connectivity between those tasked with looking after the commercial side of the business and those tasked with looking after the IT infrastructure.
“There’s a gap between practitioners and senior management in multiple areas, which, if left unaddressed, may result in friction within the effort to secure cloud adoption,” the authors explain. “For most organizations, effective security requires alignment both at the operational level and within senior leadership conversations.”
With so many organizations already facing security issues with regards to their cloud implementations, and the rest surely going to at some point, this is a disconnect that can’t continue if firms are to make cloud-based transformation secure as well as incredibly effective.
