More than 40% of organizations say they are underway with digital transformation — projects that are complicating data security efforts, especially in the cloud.

That’s one major takeaway from the 2020 version of the annual Data Threat Report. Thales eSecurity commissioned the survey, and research firm IDC carried it out.

Analysts say enterprises have reached an “inflection point” because half of all data now resides in the cloud, thanks to digital transformation. (Incidentally, the United States leads in these deployments, at 59%, with the U.K. trailing closely, at 51%.) And almost half (48%) of that data is deemed sensitive.

Add to that the reality that most cloud environments are comprised of multiple platforms. All this, the report notes, creates complexity that hinders data security.

The problem is, two-thirds of organizations perceive their environments as very secure.

“[But] organizations are not implementing the processes and investing in the technologies required to appropriately protect their data,” analysts wrote. “More than half have been breached or experienced failed security audits. And when it comes to securing data in the cloud, most companies incorrectly look to their cloud providers for their portion of the shared responsibility model.”

Most respondents funnel only a small portion of their IT budgets toward securing their data in the cloud, IDC found. The bulk continue to shore up their network security instead.

Data Security Spending

Even so, analysts said 46% of organizations intended to boost data security spending in the 12 months following the survey, which IDC conducted in November. That means the latest Thales Data Threat report does not reflect the impact of the COVID-19 pandemic and its subsequent effect on organizations making sudden moves into the cloud, potentially increasing data security risks.

The imperative to put more money into data security already was clear, even before the novel coronavirus outbreak. IDC said almost one-half (49%) of global respondents had experienced a breach at some point, with 26% suffering a breach in the past year. It only makes sense that now, as more firms choose cloud solutions to provide unplanned work-from-home support, that the risk grows greater without a solid security strategy.

Consider, too, that 95% of organizations surveyed rely on software-as-a-service applications, which run from the cloud. Plus, 78% of those users store sensitive data in those programs, IDC said. Those figures don’t include the sensitive data housed in PaaS or IaaS environments globally. In the U.S. alone, organizations keeping sensitive data in cloud environments looks like this: 79% in SaaS, 48% in PaaS and 46% in IaaS. All this stands to create a perfect storm of data threats.

The channel is in a great spot to step in and help. Overall, in the Thales Data Threat report, IDC recommends a multilayered approach to data security. Analysts encourage organizations to embrace cloud shared security responsibilities. They also recommend adopting a zero-trust model that authenticates and validates the users and devices accessing applications and networks. At the same time, they suggest employing more robust data discovery, hardening, data loss prevention and encryption solutions. Cloud-centric MSPs, VARs, system integrators and other partners are the right experts to implement and guide those initiatives for clients.

‘Zero Trust’

That “zero trust” approach is key, according to IDC. It “eliminates the binary trust/don’t trust approach of yesterday’s on-premises, perimeter-centric reality and instead requires a least-privileged, continuous validation and verification approach, providing both network and application-centric access protections,” analysts wrote. “Likewise, technologies like …

… encryption and tokenization assure that if the data is hacked, leaked, or physical devices are stolen, data is also appropriately protected.”

Perhaps frighteningly, 100% of respondents told IDC at least some of their sensitive data in the cloud has no encryption. Throughout the world, just 57% of sensitive data stored in cloud environments features encryption. And IDC found that tokenization protects less than half (48%). The U.S.  leads the world in employing data encryption (63%) and tokenization (54%) to protect sensitive data in the cloud. So says the Thales Data Threat report.

Finally, expect data security to grow ever more complex as organizations lean on multicloud environments, IDC said. Executives told the research firm multicloud complexity represents the biggest barrier to implementing data security. They also say they must avoid interfering with business performance and processes as they move forward with data security efforts. Again, the channel is in a prime role to assist.

IDC surveyed more than 1,700 executives responsible for, or with influence over, IT and data security throughout the world. Their businesses represent a range of industries, but most fell within the health care, financial services, retail, technology and federal government sectors. The sizes of those entities also varied, with the majority ranging from 500-10,000 employees.