Cloud attacks rise but majority of sensitive data remains unencrypted

Cloud attacks depicted by a digital mockup of a cloud floating above a circuitboard, all in a futuristic-looking colour scheme of neon blue, purple and yellow
(Image credit: Getty Images)

Less than half of the sensitive data in organizations’ cloud environments is encrypted despite a continuous rise in attacks.

According to Thales’ latest report,  just 45% of sensitive data stored in the cloud is currently encrypted, despite 39% of respondents having experienced a breach in their cloud environment in the last 12 months, up 9% from the previous year. 

Despite the increase in sensitive data being stored in the cloud, only a fifth (22%) of respondents reported that more than 60% of their sensitive data is protected with encryption.

The issues also extend to the control businesses have over their encryption keys, with only 14% stating they controlled all the keys to their data in their cloud environments. Additionally, nearly two thirds (62%) said they have five or more key management systems, which increases the overall complexity of securing their data.

The annual report surveyed nearly 3,000 IT and security professionals across 18 countries, examining the latest cloud security threats, trends, and emerging risks. 

Concern for the security of sensitive data is elevated due to a considerable increase in the level of such data being stored in the cloud. 


Blue whitepaper cover with title

(Image credit: TrendMicro)

Prioritize zero trust for better cloud security

Working together to enable a zero trust approach


Three-quarters (75%) of businesses reported more than 40% of their stored data is classified as sensitive, compared to 49% of businesses just a year ago.

In terms of targets, more than a third (38%) ranked software as a service (SaaS) applications as the top target for attackers, followed by cloud-based storage (36%). Human error was reported as the leading cause of cloud data breaches by 55% of respondents.

The findings come at a time when the adoption of multi-cloud continues to snowball, with 79% of organizations now having multiple cloud providers.

“The study shows that organizations are operating in a dynamic multi-cloud landscape, demanding seamless and efficient access to on-demand IT infrastructure and services,” said Sebastien Cano, SVP for cloud protection and licensing activities at Thales.

In addition to infrastructure growth, the report also found that the use of SaaS apps is also seeing a significant uptick, with 22% of businesses now utilizing between 51 and 100 different SaaS applications – compared with 16% back in 2021.

It all adds up to increasingly complex challenges for businesses, with 55% stating that managing their data in the cloud is more complex than tackling on-premises environments. 

A large proportion (83%) also expressed concerns over digital sovereignty, while 55% said data privacy and compliance in the cloud has become more difficult. 

Improving cloud security

Recommending next steps for vulnerable organizations, Thales highlighted identity and access management (IAM) as a “crucial measure” in mitigating breaches. 

The firm’s report found that the adoption of robust multi-factor authentication (MFA) is continuing to progress, with 65% of respondents now utilizing the technology. 

Zero trust controls, however, are lagging somewhat, with just 41% of organizations having implemented them in their cloud infrastructure, and 38% using them within their cloud networks. 

Thales said these factors shine a light on the need to adopt “comprehensive security measures” to effectively safeguard sensitive data and bolster overall resilience. 

Consolidation of key management environments can provide increased operational control to scale up the use of encryption in a manner that security teams can tackle. 

Businesses are also advised to take advantage of the “force-multiplying power of automation” to help reduce the risk of human error and bolster digital sovereignty compliance efforts. 

“Treating cloud environments as an extension of existing infrastructure while maintaining exclusive control and security of data, especially sensitive data, is key to cloud security,” Cano said.

“Customer control of encryption keys is essential as it allows organizations to leverage the scalability, cost efficiency, and accessibility benefits of the cloud while ensuring the utmost integrity and confidentiality of their valuable information.”

Daniel Todd

Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.

A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.

He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.