The 2024 Thales Cloud Security Study provides a comprehensive overview of the current trends and challenges in cloud security. This report is relevant for Air Traffic Safety Electronics Personnel (ATSEP) involved in securing cloud environments. In this article, we present the key findings and offer actionable insights based on the study.
The ATSEP Infrastructure is Changing
Interconnected FIRS, Single European Sky, AI needing centralized data pools, automated ground-to-air and ground-to-ground communication or interoperability all make a technical transformation towards a service-based, cloud architecture unavoidable.
Therefore we share recent updates and insights on Cloud Architecture and Cybersecurity relevant for ATSEP.
Key Findings
1. Increasing Cloud Security Threats: The study indicates a significant rise in cloud data breaches, with 44% of respondents reporting incidents, and 14% experiencing breaches in the past year. Major contributing factors include human error, configuration vulnerabilities, and insufficient use of Multi-Factor Authentication (MFA). Cloud resources such as SaaS applications, cloud storage, and cloud management infrastructure are the primary targets for cyberattacks.
2. Challenges Due to Cloud Complexity: The complexity of managing cloud environments affects compliance and privacy. With the growing adoption of multi-cloud strategies, enterprises face diverse security requirements from multiple providers. The study reports that 53% of organizations use five or more key management systems, complicating encryption efforts and increasing the risk of human error.
3. Investment in Cloud Security: There is a growing focus on security spending for cloud environments, particularly for IaaS and PaaS. Despite this, encryption adoption remains low, with fewer than 10% of enterprises encrypting over 80% of their cloud data. This highlights the need for better integration of modern security controls within cloud operations.
4. Integration with DevOps: DevOps integration is crucial for cloud security. The study reveals that secrets management (56%) and workforce IAM (52%) are the top challenges in DevOps programs. While 53% of organizations have formal security champions programs, aligning product and security roadmaps remains challenging.
Strategies for Better Cloud Utilization
1. Proactive Security Measures: Enterprises should adopt proactive security measures to mitigate cloud data breaches. Passing security audits correlates with lower breach incidences, emphasizing the importance of regular compliance checks and robust security practices.
2. Enhancing Cloud Technology Command: Organizations must strengthen their command over new cloud technologies. While cloud-native application protection platforms (CNAPP) and data encryption are being deployed, familiarity with traditional tools often prevails. Encouraging collaboration between developers and security teams is vital for integrating advanced security solutions effectively.
3. Emphasizing Digital Sovereignty: Future-proofing cloud investments through digital sovereignty is a growing priority. Enterprises aim to ensure control over digital assets, regardless of location or operational personnel. Strategies include refactoring applications and leveraging SaaS solutions to achieve sovereignty goals.
4. Centralized Tools for Decentralized Teams: Providing centralized security tools and platforms for decentralized teams can improve organizational alignment and security efficacy. Formal security champions programs help manage risks across various business lines, facilitating better cloud security management.
The 2024 Thales Cloud Security Study underscores the critical need for robust cloud security practices amidst increasing threats and complexity. By prioritizing proactive security measures, strengthening technology command, and fostering collaboration between developers and security teams, professionals can enhance cloud security and ensure resilient cloud operations.
For more detailed insights, go to the Thales Cloud Security Research page at Thales Cloud Security.
Evaluating the findings
The 2024 Data Threat Report is a custom survey from S&P Global Market Intelligence, commissioned by Thales. It is based on interviews by experts across the world, not based on research or peer-reviewed data. It is also reflecting the general market, not specific trends in ATC.
However it is giving - on a high level - useful information, which helps focusing on important topics. In forthcoming articles we will dive deeper into specific aspects of the study in the context of the ATC architecture, trends like Trajectory-based operations, interoperability and data-souvereignty, AI and the need of a central data pool.
