Cloud cyberattacks are on the rise, but it’s not surprising

Nearly half of all world organisations have had some sort of experience with problems regarding data security. And indeed, as more data is created, the more it will leak, the more security audits will fail, and the more frequent attacks will become. It is an inevitable part of any technology’s lifecycle and the cloud, which is currently still one of the most secure ways of storing and managing your data, is no exception to this rule. Most of the time, new security services and solutions won’t be of much help either as generally, companies don’t actually know which solutions they should implement to protect themselves. This is the conclusion that security company Thales came to in their recent Cloud Security Study: Global Edition.

Multi-cloud solutions are on the rise

Alongside new technologies and increasingly more complex applications, the implementation of cloud technology is also becoming more complicated and simply transferring your data and applications to the cloud is no longer enough. This is confirmed by both Thales’ study as well as ADM Cloudtech’s (where I work) experience as the cloud management partner for various companies and government institutions — implementing cloud solutions in the simplest way AKA by transferring data to the cloud has decreased by about half (from 55% to 24% according to Thales).

In contrast, use of multi-cloud solutions is on the fastest rise — last year, around 57% of all companies surveyed used multiple IaaS service providers, but this year, that number has grown to 72%. The biggest part of that increase belongs to organisations that use three or more IaaS service providers — their proportion increased from 10% to 20%.

The increasing popularity of multi-cloud solutions is logical and completely warranted. First, using different cloud services decreases a company’s dependency on one single service provider; second, it gives the company more flexibility by providing the opportunity to use specific services from different cloud solutions, e.g., artificial intelligence or big data processing; and third, using multi-cloud solutions can help isolate and decrease the effect of potential incidents. But despite all these positive aspects, we must still account for potential risks.

Security, security, security

By trusting our data to the cloud, the most burning question is not about the rented storage space or about dividing potential risks up between multiple service providers, but about the security involved. The golden rule here is that the more data you store in the cloud, the more important security becomes. This rule is perfectly exemplified by Thales’ report, which found that 35% of organisations have experienced data leaks from the cloud or have failed their cloud resource audits. The latter is certainly better than an actual data leak as it provides us with the opportunity to improve existing solutions before any actual damage is done. Prevention is increasingly more important as the amount of sensitive data and critical applications stored in the cloud is growing with each day: 85% of companies say that about a fifth of the data they store in the cloud is sensitive, and over 50% say that at least 40% of the data they have stored in the cloud is confidential. As the amount of sensitive data in the cloud has grown, so has the number of malware, ransomware, and phishing attacks. Even this makes sense as the bad guys tend to go where the money is to try and get their share of it.

The most efficient ways of reducing cloud-related risks are thought to be the encryption of data and connections (59%), Key Management (52%), and the Zero Trust security model. Data encryption has become more popular over the last year, but there are still plenty of organisations where the data they store in the cloud is either completely or partially unencrypted — only 11% of organisations can say that at least 81% of their data is encrypted.

When encrypting data, it’s also important to ensure that the encryption method used matches the sensitivity of the data. Based on our experience, the default assumption is that all data is encrypted at rest as well as in transit in both external and internal networks. At the same time, when it comes to highly sensitive data, it is worth considering the new options available in cloud services, such as confidential computing, which allows processing in-use encrypted data. If the client is also in charge of managing their own cryptographic keys, then that helps to ensure that only they know the actual content of their data being processed in the cloud.

The Zero Trust model is already being used by a third (29%) of organisations, 27% are planning to implement it, 23% are thinking about implementing it, and 20% have no plans for using it (yet). Compared to last year, it’s definitely a positive development, but about a fifth of companies who use cloud solutions are still without any kind of Zero Trust model.

Another positive development is that more organisations than ever before are basing their cloud security strategies either partially (47%) or largely (34%) on Zero Trust.

Strong authentication is an important part of the Zero Trust model with a development in that area as well — nearly half of all respondents said that it plays a key role in Zero Trust. Still, it doesn’t mean that modern authentication solutions haven’t already been implemented in the cloud.

Zero Trust should have been integrated into the DNA of all IT-related activities a long time ago. It is equally important in both the cloud as well as in your building, on your employees’ devices, and all the networks (including your internal network!) that your employees use to move company data. That is why over a year ago, we implemented a complete Zero Trust model at ADM Cloudtech. The model includes our whole IT infrastructure with no exceptions and provides us with the certainty that in the case of an attack, our job is not interrupted since the reach of any attack will be strongly limited.

In the name of better security, all organisations should make their security infrastructures more efficient, implement the Zero Trust model and modern authentication solutions, and train their employees to be well-versed in security. This doesn’t come cheap and isn’t always very easy, but it is extremely important to ensure the sustainability of any organisation.

Conclusion

Multi-cloud is the present and future of cloud technology, something that companies must account for by implementing efficient security solutions. The rising importance of remote and hybrid work as well as digital channels in how companies operate does not make this task easier. As multi-cloud becomes more prevalent, it enforces the need to constantly improve current security solutions and to develop new tools that help to protect various environments efficiently.