By 2025, over 100 zettabytes of data will be stored in the cloud. To put that in perspective: a zettabyte is one billion terabytes (or one trillion gigabytes). In the same year, total global data storage will exceed 200 zettabytes. This means that around half of it will be stored in the cloud. By comparison, only 25 per cent of all computing data was stored in this way in 2015. These enormous figures are cited by Cybersecurity Ventures, a US research institute for the global digital economy.
Companies appear to have a high level of trust in cloud computing overall, with 48 per cent of companies opting to store their most important data in the cloud. This includes both encrypted and "normal" data, according to figures from another US market research company called Marketsandmarkets.
Cloud resources are the main target of cyber attacks
Given these figures, it is no surprise that 75 per cent of companies cite cloud security problems as their main concern, according to a study by French market research company Reportlinker.
And of course there are also figures on attacks on the cloud, for example from security provider Thales, which published its Thales Cloud Security Report in June 2024. This is an annual assessment of the latest threats, trends and emerging risks in the area of cloud security, based on a survey of almost 3,000 IT and security experts from 18 countries and 37 industries.
SaaS applications (31 per cent), cloud storage (30 per cent) and cloud management infrastructures (26 per cent) were named as the most important targets in the report. As a result, protecting cloud environments has become the top security priority, ahead of all other security disciplines. No wonder, as 44 per cent (52 per cent in Germany) of companies have already experienced a security breach in the cloud, with 14 per cent (15 per cent in Germany) stating that this was the case in the last 12 months. Human error and misconfiguration continue to be the main causes of these breaches (31 per cent, 31 per cent in Germany), followed by exploitation of known vulnerabilities (28 per cent, 34 per cent in Germany) and failure to use multi-factor authentication (17 per cent, 11 per cent in Germany).
With the increasing use of the cloud in companies, the potential attack surface for hackers is also growing. 66 per cent of companies (71 per cent in Germany) use more than 25 SaaS applications and almost half (47 per cent, 47.6 per cent in Germany) of company data is confidential. Despite the increased risks for confidential data in the cloud, the data encryption rate is still low. Fewer than ten per cent (13 per cent in Germany) of companies encrypt 80 per cent or more of their sensitive cloud data.
How to protect cloud data from cyberattacks
Attacks on companies' cloud environments are now commonplace. The problems associated with data loss would not be so dramatic if this data were encrypted so that nobody could do anything with it. A rethink of how cloud data is handled is therefore more than overdue. With the following tips from security company eperi, companies can better protect their data:
Encryption instead of perimeter security
While many companies implement the protection and privacy of their data with traditional security tools, the cloud has its very own pitfalls. Firstly, it is often unclear who is responsible for data protection in the cloud, even though responsibility in fact lies with the company that uses the cloud services. Secondly, data protection is often applied only to the data in the cloud, but not on the way there. Thirdly, the configuration of cloud services can be very complex.
Aspects that companies should pay attention to for effective data encryption in the cloud:
- End-to-end encryption: Organisations should ensure that all data is encrypted end-to-end.
- Compatibility with the IT environment: To ensure end-to-end security for data in the cloud, it is crucial that an encryption technology is independent and therefore compatible with any existing IT infrastructure and application environment.
- Unrestricted usability of the data: Pure data encryption inevitably restricts the usability of the data, for example when searching for specific values and content.
- Low complexity: While many traditional security solutions are a constant burden on administrators' resources, encryption technology for the cloud must run unobtrusively in the background.
- Encryption for multi- and hybrid clouds: Encryption technologies are usually designed specifically for a dedicated cloud service. However, the fact is that companies often use various cloud services from different providers. To avoid increasing complexity and administration, companies should ensure that the cloud encryption solution can handle all scenarios.
Conclusion
When we think of cyber attacks, we often imagine hackers exploiting vulnerabilities in the cloud IT infrastructure. However, the truth is far less dramatic: breaches are mainly due to employee error. In 88 per cent of cases, human error is to blame for cloud breaches, not cloud providers. And a little fun fact at the end: at 34 per cent, men fall for phishing scams twice as often as women (17 per cent).