As organizations continue their digital transformation, the challenges of securing sensitive assets across hybrid and multi-cloud environments have become increasingly complex. In response to these evolving threats, the Cloud Security Alliance (CSA), in collaboration with global technology and security provider Thales, has released its latest survey report, Understanding Data Security Risk. This research highlights the obstacles organizations face in identifying, prioritizing, and mitigating risks and provides practical guidance on fortifying their security posture.
The study underscores a significant gap in risk awareness and preparedness among organizations. Nearly a third (31%) reported a lack of adequate tools to identify high-risk data sources, and an overwhelming 80% expressed little to no confidence in their ability to effectively address these risks. This lack of visibility exacerbates vulnerabilities, leaving critical data exposed to increasingly sophisticated threats. Furthermore, a misalignment between management and operational teams adds to the inefficiencies in security operations. While executives prioritize aligning security measures with broader business goals, operational teams struggle with resource constraints, often relying on manual (22%) or semi-automated (54%) processes. Such fragmentation leads to operational bottlenecks and conflicting security approaches, making organizations more susceptible to breaches. Additionally, more than half of organizations (54%) employ four or more security tools, which, rather than providing clarity, often result in duplicated efforts and inconsistent reporting.
The research also highlights that while compliance remains a dominant factor in risk management—driving decisions for 59% of organizations—it does not necessarily translate to a proactive security posture. Many organizations focus primarily on regulatory adherence, often at the expense of preemptively addressing emerging cyber threats. However, the study found an increasing shift towards risk-based strategies, with organizations recognizing the need to identify and prioritize vulnerabilities in real-time.
As cyber threats evolve, organizations must move beyond a compliance-driven approach and adopt a risk-focused mindset. Todd Moore, Vice President of Thales Data Security, emphasized the importance of quantifiable risk visibility across multiple dimensions—organizational, asset, and regulatory—to enable a more informed and dynamic response to security challenges. By leveraging key data risk indicators, businesses can gain a more comprehensive and actionable view of their security landscape, allowing them to make proactive decisions to safeguard sensitive assets.
The survey, conducted online in November 2024, gathered insights from 912 IT and security professionals across diverse organizations. The data was analyzed by CSA’s research team, with Thales co-developing the questionnaire and funding the study. The findings reinforce the urgent need for organizations to consolidate security tools, strengthen cross-functional collaboration, and shift from fragmented, reactive security measures to an integrated, risk-driven approach. As hybrid and multi-cloud ecosystems continue to expand, a proactive security strategy will be crucial in closing confidence gaps and staying ahead of evolving cyber threats.
Leave a Reply