The 2024 Thales Cloud Security Study highlights a crucial shift in cybersecurity priorities for Indian organizations. As cloud resources become increasingly central to operations, they are now the biggest targets for cyberattacks. The study, based on a survey of nearly 3,000 IT and security professionals across 18 countries and 37 industries, underscores the urgent need to bolster cloud security.
One of the most striking findings is that cloud security spending has surpassed all other categories of security expenditures. This shift is driven by the recognition that nearly half (46 percent) of corporate data stored in the cloud in India is sensitive. The vulnerability of this data is underscored by the fact that 37 percent of Indian organizations have experienced a cloud data breach, with 14 percent occurring in the past year alone.
The study identifies the primary targets of cyberattacks in India as cloud storage, SaaS applications, and cloud management infrastructure, each accounting for around 30percent of attacks. This has pushed protecting cloud environments to the forefront of security priorities. Human error and misconfiguration are the leading causes of these breaches (34percent), followed by exploiting unknown vulnerabilities (32percent), known vulnerabilities (21percent), and the failure to use multi-factor authentication (11percent).
Globally, the expanded use of cloud services has led to a larger attack surface for cybercriminals. With 66percent of organizations using more than 25 SaaS applications and nearly half of all corporate data being sensitive, managing compliance and privacy in the cloud is seen as more challenging than in on-premises environments. Despite these risks, data encryption rates remain surprisingly low, with less than 9percent of enterprises encrypting 80percent or more of their sensitive cloud data.
Ashish Saraf, VP and Country Director of Thales in India, emphasized the importance of robust cloud security measures. “The scalability and flexibility of the cloud are compelling, but the expanding attack surface requires a firm grasp on data management and encryption. As India progresses in digital technology, addressing cloud security challenges is vital for a secure future.”
To future-proof their cloud environments, 35percent of Indian organizations are focusing on digital sovereignty initiatives. These initiatives include refactoring applications to securely store and process cloud data, ahead of other measures like repatriating workloads to on-premises systems. This reflects a broader trend towards ensuring that data sovereignty and privacy are prioritized.