We have adopted the cloud rather quickly. We’ve migrated our workloads in haste at times, and we’ve developed cloud-native applications and adapted to a cloud-first business approach.
Security, somehow, gets left behind amidst all the movement. One reason for that may be the want for concrete, tangible, consolidated information on cloud security.
Stats work brilliantly when it comes to inspiring action.
That’s why we’ve consolidated cloud security statistics from a host of sources with the simple goal of giving you a picture of cloud security that is broad enough to cover most bases and targeted enough to help you find what you are looking for quickly.
Top Cloud Security Statistics To Set The Stage
- There will be 100 zettabytes of data stored in the cloud by the end of 2025. That’s a hundred billion terabytes.
- 51% of the US workforce was working remotely full-time in April 2020. This number came down to 25% in 2021, which is still higher than it was pre-pandemic.
- Partially remote workers are taking an average of 5.8 remote work days per month as opposed to 2.4 days per month in the pre-pandemic era.
- The projected market value for cloud storage in 2023 is 103.44 billion USD which is estimated to hit 376.67 billion USD by the year 2029. (Statista)
- Cloud Security is the top concern pertaining to cloud computing for 83% of organizations.
Storing sensitive data in the cloud
- In 2022, 62% of the cloud computing market was shared by three public cloud providers. AWS holds 33% of the market, Microsoft Azure follows at 21%, and Google Cloud Platform or GCP has an 8% share.
With the growing dependency on clouds, concerns intensify regarding the security and privacy of the data stored in the cloud and in transit to and from the cloud. The security concerns are further elevated by the growing popularity of remote work which reached its peak in the spring of 2020 owing to the pandemic.
- 92% of all organizations already have some portion of their IT environment hosted in the cloud.
- The share of corporate data stored in the cloud in 2015 was 30% and in 2022 it was 60%. It goes on to show how quickly the cloud has replaced legacy data storage systems. By 2030 the cloud computing market will be worth $1.5 trillion.
All this data is primarily stored in public and private clouds. Apart from these two, there are the multi-cloud and the hybrid cloud which are not types of cloud hosting services but strategies.
Some organizations distribute their assets and resources among multiple cloud-hosting platforms both private and public. They build a multi-cloud environment to avail more services, improve infrastructure, and reduce costs.
A hybrid cloud environment is quite similar to a multi-cloud except in this case an organization combines cloud services and on-premise hosting facilities to distribute their assets and operations.
- 48% of all businesses have chosen to use the cloud to store classified data both encrypted and unencrypted.
- 34% of workers say that they prefer working remotely and using the cloud on a regular basis; in fact, they think remote work can be a driver for a job switch.
The bring-your-own-device (BYOD) culture combined with the propensity among employees to work remotely has made cloud security all the more important.
- 46% of organizations use applications that are purpose-built for the cloud.
- 54% of organizations have moved workloads from an on-premise environment.
- Among these companies, 52% faced difficulties during the migration.
- At 94.4% Google Drive is the most used cloud storage service globally (Cloudwards).
- According to Statista, 86% of enterprises face challenges managing data in multi-cloud environments.
- The cloud storage market was valued at 70.19 billion dollars in 2021 and was estimated to grow by 83.41 billion USD in 2022. (Statista)
- According to a survey by Thales involving 2800+ IT professionals, 19% of the respondents store more than 60% of their sensitive data in the cloud.
Cloud Security Challenges
Organizations operating in different verticals observe challenges pertaining to cloud security differently. For some, the most difficult part is migrating the workloads securely; for others, it could be a shortcoming in privilege management or a lack of awareness among members.
- In a survey, 75% of the responding businesses pointed to cloud security as their top concern.
- 33% of respondents are extremely concerned, 42% are very concerned, and 25% are moderately concerned about cloud security.
The following stats show the most pressing concerns around cloud security according to cyber security experts.
- 68% of the responding cyber security experts categorize misconfigured cloud infrastructure as a pressing concern.
- 58% mention unauthorized access as a crucial challenge and a reason for concern.
- 52% mention insecure APIs as a pressing cloud security concern.
- 50% mention the hijacking of accounts, services, and traffic.
- 43% of the participating experts categorize external data sharing as a major concern.
The cloud security challenges along with general cloud computing challenges differ across different sizes of companies.
- 42% of enterprises struggle the most with data privacy and security.
- 39% of large enterprises find compliance and governance difficult.
- 37% of them struggle with controlling costs.
- For 31% of large businesses securing cloud assets and resources is a major challenge.
- The lack of cloud security skills and expertise is a major challenge for 30% of enterprises.
Small and mid-size businesses have similar challenges but the numbers differ quite a bit.
- 43% of SMBs rank controlling costs as their biggest challenge.
- 36% rank data security and privacy in the cloud as their top concern.
- For 28% of SMBs migrating assets and workloads to the cloud securely is the biggest challenge.
If we isolate the cloud security concerns and keep general cloud computing challenges out of consideration, numbers change.
- Data loss and leakage worry 69% of companies.
- Data privacy and confidentiality concern 66% of companies.
- For 44% of companies, accidental exposure is a massive concern.
- Data breaches are the main concern for 26% of companies.
- 93% of organizations are worried about human error causing accidental exposure.
Different kinds of security threats are accompanied by the risk of data breaches. It is a situation no application owner or customer wants to go through but data breaches in the cloud are as real as they get.
Cloud providers like AWS and GCP have their own set of security protocols in place. Cloud providers are usually responsible for securing the infrastructure and the operating systems. The users are in charge of encryption and access control among other things.
Cloud Security Breaches
- 88% of cloud data breaches are caused by human error.
The error can take many forms – falling prey to a phishing scam, using weak or repetitive passwords, granting more access than required, and sometimes conscious misuse of privilege.
Although the number of data breaches has gone down since 2021 a lot of companies and individuals are still at risk of cloud breaches.
- Data breaches in 2022 are 7% lower than in 2021.
- In the last 18 months, 79% of companies have faced at least one cloud breach.
- 43% of companies have reported more than 10 breaches in that same duration.
- The average cost of a breach in a hybrid cloud environment was $3.61 million.
- The cost of a breach in the case of public clouds was 28.3% more than that of hybrid clouds.
It would be interesting to learn what in particular caused these data breaches. Let’s see if the following stats can give us a clear picture.
- Phishing is responsible for around 25% of all data breaches.
- Interestingly, men are twice as prone to falling prey to phishing (34%) as women (17%).
A lot of data breaches are attributed to cloud misconfigurations. A large share of the companies that suffer misconfiguration-related data breaches are tech companies.
- 41% of the victims of cloud-misconfiguration-related breaches are tech companies.
- Healthcare organizations follow at 20%.
- 10% of the victims are government agencies.
- The hospitality and finance industries constitute 6% of the companies.
Access control and privilege management are two of the most concerning issues pertaining to cloud security. It is almost a trend to grant too much access to members. Lack of awareness and disregard for the dangers of unnecessary privileges combine to create a very volatile security environment.
- Compromised privileged accounts are held responsible for 34% of all identity-related breaches in the last two years.
- Believe it or not, 90% of cloud identities are currently using less than 5% of the permissions granted to them.
- Only 38% of organizations use multi-factor authentication for securing privileged accounts.
- 32% of companies have had issues with the wrong users having privileged access.
- 25% of companies have experienced problems with unauthorized users.
Encrypting Data in the Cloud
As discussed earlier, cloud security is maintained through a shared responsibility model where the cloud provider secures the OS and the infrastructure and the user is liable for securing the data. Encryption plays a huge role in securing data.
- Only 21% of organizations have encrypted more than 60% of their data in the cloud.
- 59% of ransomware incidents where the data is successfully encrypted involve data in the public cloud.
- The way data is encrypted in the cloud is driven by infrastructure and architecture for 46% of companies and by compliance regulations for 38% of companies.
- 55% of companies use more than 5 solutions to manage encryption keys whereas only 12% use 1 or 2.
The Zero Trust Approach in the Cloud
Zero Trust as a concept is most readily associated with Network Security where the internal and external networks are separated by a firewall and the concept of trust is rejected. A similar approach is being widely considered and, in some cases, implemented in the cloud environment.
- 80% of enterprises said they are considering, evaluating, or deploying zero trust plans.
- Zero Trust concepts are greatly influencing the cloud strategies of 30% of companies while some zero trust concepts are being used by 48% of companies.
- 22% of companies said their cloud strategy is unaffected by zero trust concepts.
Regular security evaluations play a vital part in zero trust plans and in cloud security maintenance in general.
Cloud Security Evaluation
- Only 20% of organizations conduct real-time cloud security posture evaluation and a similar number of companies engage in weekly evaluations.
- 58% of companies assess their security posture once a month or less frequently.
- 22% of companies are still assessing cloud security manually.
- 79% of companies are looking for a more integrated and comprehensive cloud security assessment process.
Security assessments contribute directly to the prospect of gaining compliance with security standards. The following cloud security stats will help you understand the state of audit readiness among businesses across the world.
Cloud security audits
- In a survey involving companies from the Asia Pacific region, 43% of respondents admitted having failed an audit in the past.
- Hong Kong (50%) and India (49%) had the highest number of audit failures in 2022.
- South Korea (39%) has had the lowest number of audit failures.
Compliance violations, data breaches, violation of agreements with the cloud provider, misconfigurations: there are a bunch of ways that can lead you to a cloud security failure. But a lack of awareness and the resultant human errors seem to be the most common culprit. It’s important to educate your teams, integrate security practices with business processes, and perform regular security testing.