Almost 50% of APAC companies find cloud security harder than on-prem: survey

Diversity of multicloud environments has contributed to operational and security complexity, a Thales report says.

Nearly half of organizations surveyed in the APAC region find privacy and data protection more challenging to manage in the cloud than on premises, according to the 2022 Thales Cloud Security report.

Thales is a conglomerate with businesses in sectors including cybersecurity, transportation and aerospace. The study, which surveyed 2,800 security professionals and executive leaders globally, included 876 respondents from the APAC region.

Following a global trend, APAC enterprises reported a variety of approaches to multicloud adoption including use of SaaS, IaaS, and PaaS providers, all contributing to growing cloud complexity, according to the report.

Cloud complexity remains a major concern

Forty-eight percent of the APAC respondents said that managing privacy and data protection regulations in a cloud (including multicloud or hybrid cloud) environment is more complex than in on-premises networks.

“While substantial workloads and data are distributed among multiple cloud providers, significant data remains outside of cloud environments,” according to the report.

Only 19% of the respondents in the APAC region confirmed having more than 60% of their sensitive data stored with cloud providers, 4% lower than globally. This indicates a hesitancy to move to the cloud in the region, especially because respondents reported feeling that a growing number of cloud architectures adds to complexity. Sixteen percent of APAC respondents reported using more than 100 SaaS applications and 23% said they used more than 50.

Regarding security policies and standards, there was a 7% year-over-year increase of APAC respondents who reported taking a centralized approach—with cloud security policies being centrally defined by the security teams rather than individual cloud delivery teams—compared to 2% globally. Japan, however, registered a 14% increase.

Failed compliance audits were on the increase for the region, with 43% of APAC respondents reporting a failed audit within the past 12 months, identical to the global average. Hong Kong and India reported the highest audit failure rates (50% and 49% respectively), and South Korea reported the lowest failure rate (39%).

Reported data breaches in APAC lowest in world

Of all companies polled, the percentage of APAC respondents saying that they had reported data breaches was the lowest of all regions, with 32% of organizations reporting a breach in the past year, down 7% from 2021 and 11% lower than the global average.

The study, however, found that 38% of the APAC enterprises indicated that they successfully avoided having to report data breaches by taking advantage of exceptions to reporting laws for data that is encrypted or tokenized. The report noted that only 21% reported encrypting more than 60% of their sensitive data on the cloud.

When queried about encryption technologies used and critical security controls needed to protect sensitive data from cyberattacks, APAC respondents cited data-at-rest encryption, tokenization and data masking, data-in-transit encryption, and key management/hardware security modules as the top techniques they used.

Encryption key management emerged as another critical area in the region, with 12% of respondents reporting using one to two key management solutions, while 55% reported using five or more. Overall, a 7% increase was noted in managing keys in cloud consoles, indicating a move toward the consolidation of key management tools.

Additionally, the report revealed that 80% of APAC enterprises said they were considering, evaluating, or deploying zero trust plans, with 62% citing "cloud access" to be the area of deployment for zero trust principles and techniques.

The majority of the APAC participants operated in the manufacturing, retail, and technology sectors, with 57, 54, and 27 respondents respectively.


Copyright © 2022 IDG Communications, Inc.
