Global corporations prioritizing cloud security on a global scale
A new study by Thales, based on a survey of 3,000 IT and security professionals from 18 countries, has shed light on the current state of cloud security. The study reveals that as cloud use becomes more prevalent, the attack surface and network complexity are increasing, making it crucial for organizations to bolster their security measures.
The State of Cloud Adoption
The study found that two-thirds of organizations use 25 or more Software as a Service (SaaS) applications, indicating a widespread reliance on cloud-based solutions. However, this increased use of cloud services also means a larger attack surface, making organizations more vulnerable to cyber threats.
The Threat Landscape
The study reported that approximately 14% of the respondents experienced a breach in the past year, and more than 40% reported having experienced a cloud environment breach at some point. Failure to use Multi-Factor Authentication (MFA) was a factor in 17% of the breaches.
Nearly one-third of the reported incidents were due to human error or misconfiguration, and the exploitation of known vulnerabilities was a factor in 28% of the breaches. The threat groups behind these attacks target companies, government agencies, and other organizations that store data in the cloud.
Leading Cloud Providers Under Attack
Leading cloud providers, such as Microsoft, have been targeted by sophisticated threat groups. These attacks underscore the need for organizations to verify not only encryption and disaster recovery capabilities but also regulatory compliance, provider credentials, and identity management practices before migrating sensitive data.
Recommendations for Improving Cloud Security
Organizations can improve cloud security by adopting a multi-faceted approach that addresses evolving threats. Key measures include:
- Enhance visibility and monitoring through centralized platforms that unify telemetry across hybrid and multi-cloud environments to eliminate blind spots and detect threats early.
- Implement continuous compliance and configuration management tools to prevent breaches caused by misconfiguration, a leading cause of cloud security incidents.
- Strengthen Identity and Access Management (IAM) with zero-trust architectures to mitigate insider threats and privilege misuse, which are common risks in cloud environments.
- Encrypt data both in transit (using TLS) and at rest (using AES) to protect sensitive information from interception or unauthorized access.
- Conduct thorough audits of cloud service providers to verify their security postures.
- Classify data carefully and limit cloud storage to data that meets the organization's security and compliance criteria; sensitive data such as financial or regulated information should be handled with extra caution.
- Adopt AI-driven and adaptive security measures to counter advanced attacks that exploit cloud dynamism and evade traditional detection methods.
- Use integrated security tools with seamless interoperability to share threat intelligence and enforce policies efficiently across all cloud environments, avoiding security gaps caused by fragmented solutions.
These practices respond to the evolving attack landscape typified by recent incidents involving Snowflake environments, where insecure integrations or misconfigurations could be exploited by attackers. Ensuring continuous monitoring, strict access controls, and verified cloud provider security postures helps reduce exposure to such incidents while aligning with findings from Thales and leading industry reports.
Todd Moore, VP of data security products at Thales, stated that the cloud is not inherently more secure than on-premises, and security is determined by the measures put in place to protect data within the cloud. As such, it is essential for organizations to prioritize cloud security to protect their sensitive data and maintain the trust of their customers and stakeholders.
Cloud security and cybersecurity are critical concerns as organizations increasingly rely on cloud-based solutions, given the rising attack surface and network complexity. To counter the emerging threats, organizations should adopt a multifaceted approach that includes enhancing visibility and monitoring, implementing continuous compliance and configuration management tools, strengthening Identity and Access Management (IAM), encrypting data, conducting thorough audits of cloud service providers, classifying data carefully, adopting AI-driven security measures, using integrated security tools, and prioritizing cloud security to protect sensitive data. This approach is vital in addressing the evolving attack landscape, as highlighted by recent incidents involving Snowflake environments, where insecure integrations or misconfigurations could be exploited by attackers.