
Cloud Security Alliance surveys data risk management in cloud
The Cloud Security Alliance has published a new survey report investigating how organisations assess and manage cybersecurity and data risks in increasingly complex cloud environments.
The "Understanding Data Security Risk" report, commissioned by Thales, offers critical insights into the challenges organisations face when overseeing their data security, particularly in hybrid and multi-cloud settings. Hillary Baron, Senior Technical Research Director at the Cloud Security Alliance, emphasises the importance of refining strategies to navigate these complexities effectively. "To successfully navigate today's intricate risk environment, organisations must refine their strategies. Strengthening risk awareness, fostering cross-team alignment, unifying fragmented tools into cohesive platforms, and adopting proactive, risk-driven approaches allow organisations to enhance resilience, protect critical data, and streamline compliance, and in doing so, pave the way for a more robust and adaptable security posture," she stated.
The survey assessed companies' methods in security, governance, and compliance, particularly focusing on risk identification, categorisation, and evaluation across various assets. Significantly, the report highlighted a gap in confidence and tools essential for identifying high-risk data sources, with 31% of respondents citing insufficient tooling and nearly 80% indicating little to no confidence in addressing these concerns.
Management and operational staff differ in how they approach security efforts. Executives often aim to align these efforts with broader business objectives, with 41% prioritising this alignment, while staff frequently encounter resource limitations. According to the survey, operational teams depend heavily on manual processes (22%) or semi-automated systems (54%), which hampers efficiency.
The reliance on multiple tools to manage data risks poses additional challenges. Over half of the organisations reported using four or more tools, resulting in inefficiencies and conflicting information. Furthermore, while compliance drives risk reduction for 59% of respondents, this focus can leave companies less prepared for new and emerging threats.
There is a growing shift towards risk-based strategies within organisations, focused on identifying and prioritising vulnerabilities. A clear recognition of risk across various dimensions (organisational, asset, and regulatory) is deemed essential. Todd Moore, Vice President of Thales Data Security, supports this transition, saying, "In 2025, organisations must transition from a purely compliance-focused approach to a more proactive risk-focused strategy. This requires a clear understanding of risk across key dimensions, including organisational risk, asset risk, and regulatory risk. Risk visibility must be quantifiable and prioritised according to its potential impact on the business. By leveraging key data risk indicators from the entire data estate, organisations can create an actionable risk view that empowers them to make informed and effective decisions to strengthen data security."
The report was based on data collected from 912 IT and security professionals across diverse organisations. The survey was conducted online by the Cloud Security Alliance in November 2024, with contributions from Thales in questionnaire development and financial support.