Almost half of New Zealand businesses (45%) believe cloud privacy and data protection is more challenging to manage than on-premises.
Yet, according to the 2022 Thales Cloud Security Report conducted by 451 Research, part of S-P Global Market Intelligence, increasingly complex cloud environments are on the rise.
Globally, cloud adoption and notably multi-cloud adoption, continues to rise. There has been an expansion in the use of multiple IaaS providers, with almost three-quarters (72%) of businesses using multiple IaaS providers, up from 57% the year before.
The use of multiple providers has almost doubled in the last year, with one in five (20%) respondents using three or more providers.
In New Zealand, one in five (19%) businesses now uses over 100 software as a service (SaaS) applications, up from just 4% in 2021.
However, despite rapid growth in the prevalence and use of cloud services amongst businesses, research indicates many are still navigating how to protect the complicated environments they have created.
With increasing complexity comes an even greater need for robust cybersecurity, yet in the past 12 months, over a third of New Zealand businesses (38%) experienced a cloud-based data breach or failed audit. When asked what percentage of their sensitive data is stored in the cloud, over half (53%) said between 41 to 80%.
However, only a one in five (21%) said they could fully classify all data. Furthermore, 26% say their employees still use nothing other than passwords to access data stored in cloud or SaaS applications.
Four in ten (36%) respondents admitted issuing a breach notification to a government agency, customer, partner or employees, which should be a cause for concern among enterprises with sensitive data, particularly in highly regulated industries.
Cyber attacks also present an ongoing risk to cloud applications and data. Respondents reported an increasing prevalence of attacks, with half (50%) citing an increase in phishing/whaling, 47% in malware and 43% in ransomware.
When it comes to securing data in multi-cloud environments, New Zealand IT professionals view encryption as a critical security control.
Most respondents cited encryption (53%), tokenisation authentication (53%) and key management (53%) as the security technologies they currently use to protect sensitive data in the cloud.
However, when asked what percentage of their data in the cloud is encrypted, only one in ten (9%) respondents said between 81-100%.
Key management platform sprawl may also be a growing issue for many enterprises with half (53%) using between 5-10 platforms compared to just 8% using 1-2 platforms.
In addition, a fifth of respondents (21%) admit to giving cloud providers full control of their encryption keys while 46% have handed over at least half of their encryption keys.
However, New Zealand enterprises are embracing and investing in zero trust. Nearly a third of respondents (30%) said they are already executing a zero trust strategy, and 19% said they are evaluating one. This is a positive result, but there is certainly still room to grow as 30% still have no strategy, the researchers find.
Brian Grant, ANZ director at Thales, says, “In the wake of the pandemic, business leaders reacted with quick, bold decision-making and jumped straight into cloud delivered digital services.
"For many, this surge towards a cloud-first approach meant security and safety became afterthoughts, and there's no point being the fastest car on the racetrack if you crash on the first corner.
For all its benefits, cloud computing has layered on considerable complexity, which has always been the enemy of good security. The challenge of managing multi-cloud environments cannot be overstated, so to operate safely, retaining control over who, what, when and where data is visible must become an executive mandate within every organisation, the researchers conclude.