A woman speaking on a mobile phone walks past a cloud computing presentation ahead of the CeBIT technology trade fair in 2012. (Sean Gallup/Getty Images)

New research by Thales on security trends one year into the pandemic found that about 50% of businesses say that they store more than 40% of their data in external cloud environments, but only 17% have encrypted at least half of their sensitive data in the cloud.

While this raises some concerns, the Thales 2021 Data Threat Report, based on a study by 451 Research, pointed to some improvement in regulated industries. For example, 33% of health care respondents say they encrypt their data.

However, mitigating cloud-related data breaches via data encryption stands as just part of the puzzle, said Ted Driggs, head of product at ExtraHop.

“While we agree that encryption is an important part of securing the cloud, we feel it’s only a partial security strategy and organizations must do more to protect themselves against the sophisticated attacks that have become our daily reality,” Driggs said. “For complete cloud security an organization should encrypt data to protect it in the cloud and also implement real-time threat detection and response.” 

Kevin Kennedy, vice president at Vectra, said attackers love the cloud for the same reason organizations do: it stores critical data in one easy to access place. Today, it’s incredibly easy for adversaries to abuse user credentials and take over cloud accounts, he said. Vectra research shows account takeovers in Office 365 have become the largest threat vector in the cloud, while, according to the Verizon Data Breach Investigations Report (DBIR), 77% of cloud breaches involved account takeovers – with misconfiguration of production environments and improper IAM and permission configurations other top threats.

“Once attackers have access, they may try to hide their tracks or move laterally between cloud services and the network to reach sensitive data, or may stay on the network undetected,” Kennedy said. “This is why you need to have detection within the cloud, not just prevention-focused tools that try to stop attackers gaining access to systems. At some point, an attacker will get in. When they do, it’s vital they are caught before they have the chance to do any harm.”

The Thales survey also found as the pandemic pushed organizations to the cloud many now use multiple providers for Infrastructure-as-a-Service (IaaS). Some 53% use AWS as their IaaS provider and 41% opt for Microsoft Azure with considerable overlap across Google Cloud, IBM Cloud, Oracle and Alibaba.

Organizations are also more measured in using Platform-as-a-Service (PaaS) providers. The largest percentage indicated they’re using two (44%) PaaS providers. And 21% identified that they use three PaaS providers. The use of multiple SaaS-delivered applications was much higher, as 27% usee more than 50 SaaS apps and 16% use 51-100 SaaS applications.