Shared Responsibility Challenges in Cloud Security

Fahmida Y. Rashid reports on a Strategic Security Survey conducted by Dark Reading that highlights increasing concerns among organizations about cloud security and other risks associated with cloud services.

As cloud adoption for data storage, applications, and operations becomes nearly universal, businesses worry about losing control over their data, the reliance on third-party cloud security measures, and the challenges of managing multiple cloud service providers.

Nearly 60% of surveyed organizations work with two to five providers, which amplifies visibility and control issues. Exploits targeting cloud service providers rank as the top concern, followed by breaches and intrusions.

Organizations also struggle with visibility and enforcing security policies in cloud environments, a worry that surged from 24% in 2023 to 39% in 2024. Staffing challenges, unclear incident-response protocols, and an over-reliance on cloud providers further complicate security management.

The findings reflect a growing awareness of the risks tied to the shared responsibility model, which divides security duties between organizations and cloud providers.

Ransomware attacks have increased sharply, with 16% of respondents hit in 2024 compared to 11% in 2023. The financial toll is substantial, as 45% of affected organizations reported significant losses in 2024, up from 29% the previous year.

Despite this increase, fewer companies are paying ransoms, dropping from 44% in 2022 to just 20% in 2024. This shift suggests increasing resistance to ransomware demands, even as attacks grow more frequent and costly.

The rise in ransomware attacks underscores the need for preventive measures and recovery plans to mitigate financial and operational impacts.

Lawyers counseling companies that use cloud storage should ensure that the shared responsibility model contemplates legal issues and liabilities, which should also be shared. Visibility, control, and risk assessment are key issues.