Companies globally are prioritizing cloud security amidst increased digital threats.
In a recent study by Thales, the causes of cloud security breaches were identified as predominantly stemming from human error, insufficient encryption, inadequate access controls, complex security tools, sprawl of AI tools, multicloud providers, and SaaS applications, misconfigured cloud storage buckets, and exposed third-party integrations [1][2][3][4]. These factors collectively leave over half of sensitive cloud data exposed despite increasing attack volumes and sophisticated threats.
The study, based on a survey of 3,000 IT and security professionals from 18 different countries, highlights that for nearly one-third of incidents, human error and misconfiguration are the primary causes of breaches [1][2][3][4]. Application sprawl is partially responsible for the increased complexity in the network environment, while failure to use multifactor authentication was cited in 17% of breaches [1][2][3][4].
The threat groups target companies, government agencies, and other organizations that store data in the cloud. Recent attacks on major cloud providers such as Microsoft have highlighted these exact vulnerabilities—misconfigurations and insufficient access controls remain prime exploitation points, with attackers focusing on cloud databases, containers, and SaaS platforms which organizations depend on most [2][4].
To avoid cloud security breaches, the Thales study and experts recommend embedding strong data protection at the core of cloud infrastructure, implementing multifactor authentication widely, simplifying and consolidating security tools, redesigning security architecture to be cloud-first and AI-aware, regularly auditing and securing cloud configurations, limiting access privileges, and strengthening credential management [1][2][3][4]. Furthermore, securing AI-based workflows specifically is essential as AI initiatives involve extensive data sharing and processing that increase vulnerabilities.
As cloud use increases, the attack surface and network complexity are becoming more complicated. It is crucial for organizations to evolve beyond simply increasing security spend and adopt holistic, integrated cloud security strategies emphasizing encryption, access control, operational simplicity, and cloud-focused training to effectively reduce breach risks [1][2][3][4].
The responsibility for cloud security lies with both providers and users. Todd Moore, VP of data security products at Thales, stated that the cloud is not inherently more secure than on-premises [1]. Nearly half of the data in the cloud is considered sensitive, and only 10% of organizations have encrypted 80% of their data [1][2][3][4]. Two-thirds of organizations use 25 or more Software-as-a-Service (SaaS) applications [1][2][3][4].
In conclusion, while the cloud offers numerous benefits, it also presents new security challenges. Organizations must be vigilant in securing their cloud environments and adopt best practices to mitigate the risks associated with cloud adoption. As the use of AI workloads in the cloud increases, it is essential to focus on securing these specific workflows to prevent potential breaches.
- The Thales study and experts advise that to mitigate the risks associated with cloud adoption, organizations should focus on embedding strong data protection at the core of their cloud infrastructure, implementing multifactor authentication widely, and securing AI-based workflows specifically, as AI initiatives involve extensive data sharing and processing that increase vulnerabilities.
- In the conclusion of the study, it is stated that while the cloud offers numerous benefits, it also presents new security challenges, and it is crucial for organizations to be vigilant in securing their cloud environments, adopt best practices, and focus on encrypting sensitive data, simplifying security tools, and cloud-focused training to effectively reduce breach risks.
