Thales Data Threat Report: Cloud an ‘Inflection Point’ for Data Security

More than 40% of organizations say they are underway with digital transformation — projects that are complicating data security efforts, especially in the cloud.

That’s one major takeaway from the 2020 version of the annual Data Threat Report. Thales eSecurity commissioned the survey, and research firm IDC carried it out.

Analysts say enterprises have reached an “inflection point” because half of all data now resides in the cloud, thanks to digital transformation. (Incidentally, the United States leads in these deployments, at 59%, with the U.K. trailing closely, at 51%.) And almost half (48%) of that data is deemed sensitive.

Add to that the reality that most cloud environments are comprised of multiple platforms. All this, the report notes, creates complexity that hinders data security.

The problem is, two-thirds of organizations perceive their environments as very secure.

“[But] organizations are not implementing the processes and investing in the technologies required to appropriately protect their data,” analysts wrote. “More than half have been breached or experienced failed security audits. And when it comes to securing data in the cloud, most companies incorrectly look to their cloud providers for their portion of the shared responsibility model.”

Most respondents funnel only a small portion of their IT budgets toward securing their data in the cloud, IDC found. The bulk continue to shore up their network security instead.

Data Security Spending

Even so, analysts said 46% of organizations intended to boost data security spending in the 12 months following the survey, which IDC conducted in November. That means the latest Thales Data Threat report does not reflect the impact of the COVID-19 pandemic and its subsequent effect on organizations making sudden moves into the cloud, potentially increasing data security risks.

The imperative to put more money into data security already was clear, even before the novel coronavirus outbreak. IDC said almost one-half (49%) of global respondents had experienced a breach at some point, with 26% suffering a breach in the past year. It only makes sense that now, as more firms choose cloud solutions to provide unplanned work-from-home support, that the risk grows greater without a solid security strategy.

Consider, too, that 95% of organizations surveyed rely on software-as-a-service applications, which run from the cloud. Plus, 78% of those users store sensitive data in those programs, IDC said. Those figures don’t include the sensitive data housed in PaaS or IaaS environments globally. In the U.S. alone, organizations keeping sensitive data in cloud environments looks like this: 79% in SaaS, 48% in PaaS and 46% in IaaS. All this stands to create a perfect storm of data threats.

The channel is in a great spot to step in and help. Overall, in the Thales Data Threat report, IDC recommends a multilayered approach to data security. Analysts encourage organizations to embrace cloud shared security responsibilities. They also recommend adopting a zero-trust model that authenticates and validates the users and devices accessing applications and networks. At the same time, they suggest employing more robust data discovery, hardening, data loss prevention and encryption solutions. Cloud-centric MSPs, VARs, system integrators and other partners are the right experts to implement and guide those initiatives for clients.

‘Zero Trust’

That “zero trust” approach is key, according to IDC. It “eliminates the binary trust/don’t trust approach of yesterday’s on-premises, perimeter-centric reality and instead requires a least-privileged, continuous validation and verification approach, providing both network and application-centric access protections,” analysts wrote. “Likewise, technologies like …