The 2020 Thales Data Threat Report – Global Edition shows organisations struggle with security post digital transformation
According to the latest report which includes research and analysis by IDC, organisations reached a global cloud tipping point causing them to struggle with security challenges of digital transformation.
Today, half of all corporate data is stored in the cloud and nearly half (48 per cent) of that data is considered sensitive. With multi-cloud usage becoming the new normal for companies, all respondents said at least some of the sensitive data stored in the cloud is not encrypted and 49 per cent globally indicated that they have experienced a breach. In addition to DX and multi-cloud complexities, the global study shows that quantum computing has skyrocketed as a major concern with almost three in four organisations claiming it will affect their security and cryptographic operations in the next five years.
Tina Stewart, Vice President of global market strategy for cloud protection and licensing activity at Thales said: “The 2020 Thales Data Threat Report – Global Edition clearly demonstrates that unprecedented amounts of sensitive data are being stored in multi-cloud environments by organisations all over the world. Having the right cloud security in place has never been more critical. As 5G networks are rolled out, IoT continues to expand and quantum computing creeps closer to becoming a reality, organisations must adopt a more modern data protection mind-set. The first step towards protecting sensitive data is knowing where to find it. Once classified, this data should be encrypted and protected with a strong multi-cloud key management strategy.”
With input from 1,723 executives with responsibility for, or influence over, IT and data security around the world, this year’s threat report dove deeper into the specific security challenges resulting from the DX era. The report revealed that the more digitally transformed, the more likely an organisation is to be breached. While organisations pursuing DX are capturing competitive advantages, the worldwide rush to implement disruptive technologies is creating new vulnerabilities resulting in data breaches and compliance audit failures. 45 per cent of organisations in the top two DX categories, software as a service (SaaS) and social media, experienced a breach in the past year.
Multi-cloud is the new normal
Companies are using multiple infrastructure as a service (IaaS) and platform as a service (PaaS) environments, as well as hundreds of SaaS applications. Eight in ten are using more than one IaaS vendor, a further 81 per cent have more than one PaaS vendor, and 11per cent have more than 100 SaaS applications to manage. As more data migrates to the cloud, security becomes more complex. Nearly four in ten respondents rate complexity as their top perceived barrier to implementing data security, down slightly from last year.
The global report draws new attention to the anticipated impact of quantum computing. Within the next five years, three in four organisations believe quantum computing power will affect their data security operations while nearly one-third see it as being a threat within the next year, highlighting the need for organisations to improve their post-quantum encryption strength.
The 2020 Thales Data Threat Report – Global Edition also explores how government, financial services, healthcare, and retail sectors embrace digital transformation in varying degrees and the associated security challenges. Global federal government organisations view themselves as most advanced, with nearly half of government respondents either aggressively disrupting the markets they participate in, or embedding digital capabilities that enable greater enterprise agility. Healthcare followed closely at 47 per cent, retail at 45 per cent and financial services at 30 per cent. Over half of financial services respondents experienced a data breach or failed compliance audit this year, followed by government at 52 per cent, retail at 49 per cent and healthcare at 37 per cent.
Data security is challenging, but across big data, IoT and containers, encryption is a key driver for adoption and usage. Based on this year’s findings, IDC recommends the following key strategies for security professionals:
*Invest in modern, hybrid and multicloud-based data security tools that make the shared responsibility model work.
*Consider a zero-trust model to secure data.
*Increase focus on data discovery solutions and centralisation of key management to strengthen data security.
*Focus on the threat vectors within their control.
*Utilise encryption to remain vigilant against today’s data risk reality.
Frank Dickson, Program Vice President, Cybersecurity Products, IDC said: “As organisations face expanding and more complex cybersecurity challenges because of multi-cloud adoption and digital transformation, they need smarter and better ways to approach data protection. Zero-trust is a fantastic initiative to authenticate and validate the users and devices accessing applications and networks but does little to protect sensitive data should those measures fail. Employing robust data discovery, hardening, data loss prevention and encryption solutions provide an appropriate foundation for data security, completing the objective of pervasive cyber protection.”