Diversity of multicloud environments has contributed to operational and security complexity, a Thales report says. Credit: CIS Nearly half of organizations surveyed in the APAC region find privacy and data protection more challenging to manage in the cloud than on premises, according to the 2022 Thales Cloud Security report.Thales is a conglomerate with businesses in sectors including cybersecurity, transportation and aerospace. The study, which surveyed 2,800 security professionals and executive leaders globally, included 876 respondents from the APAC region.Following a global trend, APAC enterprises reported a variety of approaches to multicloud adoption including use of SaaS, IaaS, and PaaS providers, all contributing to growing cloud complexity, according to the report.Cloud complexity remains a major concernForty-eight percent of the APAC respondents said that managing privacy and data protection regulations in a cloud (including multicloud or hybrid cloud) environment is more complex than in on-premises networks. “While substantial workloads and data are distributed among multiple cloud providers, significant data remains outside of cloud environments,” according to the report.Only 19% of the respondents in the APAC region confirmed having more than 60% of their sensitive data stored with cloud providers, 4% lower than globally. This indicates a hesitancy to move to the cloud in the region, especially because respondents reported feeling that a growing number of cloud architectures adds to complexity. Sixteen percent of APAC respondents reported using more than 100 SaaS applications and 23% said they used more than 50. Regarding security policies and standards, there was a 7% year-over-year increase of APAC respondents who reported taking a centralized approach—with cloud security policies being centrally defined by the security teams rather than individual cloud delivery teams—compared to 2% globally. Japan, however, registered a 14% increase.Failed compliance audits were on the increase for the region, with 43% of APAC respondents reporting a failed audit within the past 12 months, identical to the global average. Hong Kong and India reported the highest audit failure rates (50% and 49% respectively), and South Korea reported the lowest failure rate (39%).Reported data breaches in APAC lowest in worldOf all companies polled, the percentage of APAC respondents saying that they had reported data breaches was the lowest of all regions, with 32% of organizations reporting a breach in the past year, down 7% from 2021 and 11% lower than the global average.The study, however, found that 38% of the APAC enterprises indicated that they successfully avoided having to report data breaches by taking advantage of exceptions to reporting laws for data that is encrypted or tokenized. The report noted that only 21% reported encrypting more than 60% of their sensitive data on the cloud.When queried about encryption technologies used and critical security controls needed to protect sensitive data from cyberattacks, APAC respondents cited data-at-rest encryption, tokenization and data masking, data-in-transit encryption, and key management/hardware security modules as the top techniques they used.Encryption key management emerged as another critical area in the region, with 12% of respondents reporting using one to two key management solutions, while 55% reported using five or more. Overall a 7% increase was noted in managing keys in cloud consoles, indicating a move toward the consolidation of key management tools. Additionally, the report revealed that 80% of APAC enterprises said they were considering, evaluating, or deploying zero trust plans, with 62% citing “cloud access” to be the area of deployment for zero trust principles and techniques.The majority of the APAC participants operated in the manufacturing, retail, and technology sectors, with 57, 54, and 27 respondents respectively. Related content news UK government plans 2,500 new tech recruits by 2025 with focus on cybersecurity New apprenticeships and talent programmes will support recruitment for in-demand roles such as cybersecurity technologists and software developers By Michael Hill Sep 29, 2023 4 mins Education Industry Education Industry Education Industry news UK data regulator orders end to spreadsheet FOI requests after serious data breaches The Information Commissioner’s Office says alternative approaches should be used to publish freedom of information data to mitigate risks to personal information By Michael Hill Sep 29, 2023 3 mins Government Cybercrime Data and Information Security feature Cybersecurity startups to watch for in 2023 These startups are jumping in where most established security vendors have yet to go. By CSO Staff Sep 29, 2023 19 mins CSO and CISO Security news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe