Most Australian businesses leave half the sensitive data they store in the cloud unencrypted

Most Australian businesses leave half the sensitive data they store in the cloud unencrypted

Only 8% of Australian and 26% of New Zealand businesses are encrypting at least half of the sensitive data they store in the cloud, while only 15% of Australian and 10% of New Zealand organizations retain total control of encryption keys.

The 2021 Thales Global Cloud Security Study commissioned by Thales and conducted by 451 Research, part of S&P Global Market Intelligence, reports that 51% and 43% of Australian and New Zealand organizations respectively have experienced a cloud-based data breach in the past 12 months.

Despite increasing cyberattacks targeting data in the cloud, the vast majority (92% in Australia and 75% in New Zealand) of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cybercriminals can have.

Pandemic has accelerated cloud transformation

Cloud adoption is on the rise and businesses are continuing to diversify the way they use cloud solutions. Globally, while 57% of respondents reported they make use of two or more cloud infrastructure providers, in the Asia Pacific region, this figure was 58%.

In ANZ, 20% of Australian and 22% of New Zealand organizations flagged that the majority of their workloads and data now reside in the cloud. In fact, according to a recent study by McKinsey & Company, companies globally have accelerated their cloud adoption by three years compared to pre-pandemic adoption rates.

This marks a significant shift in the use of cloud-based solutions, from being purely data storage solutions, to environments in which data is used transactionally and supports day-to-day business operations.

Security in the cloud is mixed

According to the study, a quarter of Australian (26%) and New Zealand (26%) businesses state the majority of the data stored in the cloud is sensitive, while about half of respondents in Australia (51%) and New Zealand (43%) reported a breach in the last year.

There are some common trends as to where companies turn when considering how to secure their cloud infrastructure. Australian businesses turn to encryption (74%) followed by tokenization/data masking (69%), key management (60%) and multi-factor authentication (MFA) (47%) technologies as their top four technologies to protect their sensitive data in the cloud, while the top three security technologies New Zealand businesses use are key management (69%), encryption (59%) and MFA (53%).

Alarmingly, only 8% of Australian businesses have encrypted more than half of the sensitive data they store in the cloud while New Zealand businesses fared better on this with 26% of businesses encrypting more than half of the sensitive data they store in the cloud.

Even where businesses protect their data with encryption, 33% of Australian organizations and 28% of New Zealand organizations mostly leave the control of keys to service providers rather than retaining control themselves. Where large numbers of organizations fail to protect their data sufficiently with encryption, limiting potential access points becomes even more critical.

However, nearly three quarters of business leaders (66% in AU and 75% in NZ) admitted their organization does not have a Zero Trust strategy and a quarter (21% of Australian respondents and 28% of New Zealand respondents) aren’t even considering one.

Brian Grant, ANZ Director at Thales

Complexity as a concern

Businesses share common concerns about the increasing complexity of cloud services. In Australia, more than half (62%) of respondents claimed managing privacy and data protection in the cloud is more complex than on-premise solutions while this was slightly lower in New Zealand at 53%.

Brian Grant, ANZ Director at Thales, said: “Organizations in Australia and New Zealand like their counterparts across the globe are struggling to navigate the increased complexity that comes with greater adoption of cloud-based solutions. It’s no longer ‘if’ a cyberbreach occurs but ‘when’.

“A robust security strategy is essential to ensuring data and business operations remain secure. With nearly every business reliant on the cloud to some extent, it is vital that security teams have the ability to discover, protect and maintain control of their data.”

Fernando Montenegro, Principal Research Analyst, Information Security at 451 Research, part of S&P Global Market Intelligence, added from the 2021 Thales Global Cloud Security Study: “Protecting customer data is always the priority, and organizations should strongly consider reviewing their strategies and approaches to proactively protect data in cloud.

“This includes understanding the role of specific technologies including encryption and key management, as well as the shared responsibilities between providers and their customers.

“As data privacy and sovereignty regulations grow, it will be paramount that organizations have a clear understanding of how they remain responsible for data security and make clear decisions about who is in control and who can access their sensitive data.”

Click below to share this article

Browse our latest issue

Intelligent CIO APAC

View Magazine Archive