Latest news with #451Research
Al Bawaba
a day ago
- Business
- Al Bawaba
Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments
Thales, a global leader in technology and cybersecurity, today released the findings of its 2025 Cloud Security Study conducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritizing AI security investments over other security needs, signaling a shift in how organizations are allocating budgets in response to the accelerated adoption of AI. This year's research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority remains at the forefront of security considerationsCloud is now an essential part of modern enterprise infrastructure, but many organizations are still building the skills and strategies needed to secure it effectively. The variability of controls across cloud providers, combined with the distinct mindset required for cloud security, continues to challenge security teams. This pressure is only increasing as AI initiatives drive more sensitive data into cloud environments, amplifying the need for robust, adaptable year's Thales Cloud Security Study confirms that cloud security remains a top concern for enterprises worldwide. Nearly two-thirds (64%) of respondents ranked it among their top five security priorities, with 17% identifying it as their number one. Security for AI, a new addition to the list of spending priorities this year, ranked second overall, highlighting its growing importance. Despite sustained investment, cloud security remains a complex, persistent challenge that goes beyond technology to include staffing, operations, and the evolving threat landscape.'The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,' Sebastien Cano, Senior Vice President, Cyber Security Products at Thales, said. 'With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.'The average number of public cloud providers per organization has risen to 2.1, with most also maintaining on-prem infrastructure. This growing complexity is driving security challenges with 55% of respondents reporting that cloud is harder to secure than on-prem, a 4-percentage-point increase from last year. As organizations expand through growth or M&A, they're also seeing a surge in SaaS usage, now averaging 85 applications per enterprise, complicating access control and data complexity extends to security operations, with many teams struggling to align policies across varied platforms. The study found that 61% of organizations use five or more tools for data discovery, monitoring, or classification, and 57% use five or more encryption key target cloud resources with human error remaining a top vulnerabilityCloud infrastructure is a prime target for attackers as organizations continue to struggle with securing increasingly complex environments. According to the 2025 Thales Cloud Security Study, four of the top five most targeted assets in reported attacks are cloud-based. The rise in access-based attacks, as reported by 68% of respondents, underscores growing concerns around stolen credentials and insufficient access controls. Meanwhile, 85% of organizations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed. Compounding the issue, human error remains a major contributing factor in cloud security incidents, from misconfigurations to poor credential management. 'A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data,' Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. 'Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience.' Thales, Media Relations
Associated Press
a day ago
- Business
- Associated Press
Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments
MEUDON, France--(BUSINESS WIRE)--Jun 30, 2025-- Thales, a global leader in technology and cybersecurity, today released the findings of its2025 Cloud Security Studyconducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritizing AI security investments over other security needs, signaling a shift in how organizations are allocating budgets in response to the accelerated adoption of AI. This year's research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority levels. This press release features multimedia. View the full release here: ©Thales Cloud remains at the forefront of security considerations Cloud is now an essential part of modern enterprise infrastructure, but many organizations are still building the skills and strategies needed to secure it effectively. The variability of controls across cloud providers, combined with the distinct mindset required for cloud security, continues to challenge security teams. This pressure is only increasing as AI initiatives drive more sensitive data into cloud environments, amplifying the need for robust, adaptable protections. This year's Thales Cloud Security Study confirms that cloud security remains a top concern for enterprises worldwide. Nearly two-thirds (64%) of respondents ranked it among their top five security priorities, with 17% identifying it as their number one. Security for AI, a new addition to the list of spending priorities this year, ranked second overall, highlighting its growing importance. Despite sustained investment, cloud security remains a complex, persistent challenge that goes beyond technology to include staffing, operations, and the evolving threat landscape. 'The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,' SebastienCano, Senior Vice President, Cyber Security Products at Thales, said. 'With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.' The average number of public cloud providers per organization has risen to 2.1, with most also maintaining on-prem infrastructure. This growing complexity is driving security challenges with 55% of respondents reporting that cloud is harder to secure than on-prem, a 4-percentage-point increase from last year. As organizations expand through growth or M&A, they're also seeing a surge in SaaS usage, now averaging 85 applications per enterprise, complicating access control and data visibility. This complexity extends to security operations, with many teams struggling to align policies across varied platforms. The study found that 61% of organizations use five or more tools for data discovery, monitoring, or classification, and 57% use five or more encryption key managers. Attacks target cloud resources with human error remaining a top vulnerability Cloud infrastructure is a prime target for attackers as organizations continue to struggle with securing increasingly complex environments. According to the 2025 Thales Cloud Security Study, four of the top five most targeted assets in reported attacks are cloud-based. The rise in access-based attacks, as reported by 68% of respondents, underscores growing concerns around stolen credentials and insufficient access controls. Meanwhile, 85% of organizations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed. Compounding the issue, human error remains a major contributing factor in cloud security incidents, from misconfigurations to poor credential management. ' A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data ,' Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. ' Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience .' For more information, please download the full report and join our webinar hosted by Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research . About Thales Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. The Group invests more than €4 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies. Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of €20.6 billion. PLEASE VISIT Thales Group Cloud Protection & Licensing Solutions | Thales Group Cybersecurity Solutions | Thales Group View source version on CONTACT: PRESSThales, Media Relations Security & Cybersecurity Marion Bonnet +33 (0)6 60 38 48 92 [email protected] KEYWORD: FRANCE EUROPE INDUSTRY KEYWORD: APPS/APPLICATIONS TECHNOLOGY SECURITY BUSINESS PROFESSIONAL SERVICES INTERNET DATA ANALYTICS DATA MANAGEMENT ARTIFICIAL INTELLIGENCE SOURCE: Thales Copyright Business Wire 2025. PUB: 06/30/2025 03:00 AM/DISC: 06/30/2025 03:00 AM
National Post
a day ago
- Business
- National Post
Thales 2025 Global Cloud Security Study Reveals Organizations Struggle to Secure Expanding, AI-Driven Cloud Environments
Article content 52% report AI security spending is displacing traditional security budgets 55% report cloud environments are more complex to secure than on-premises infrastructure Enterprises now use an average of 85 SaaS applications, contributing to security tool sprawl Article content MEUDON, France — Thales, a global leader in technology and cybersecurity, today released the findings of its 2025 Cloud Security Study conducted by S&P Global Market Intelligence 451 Research, revealing that AI-specific security has rapidly emerged as a top enterprise priority, ranking second only to cloud security. Over half (52%) of respondents said they are prioritizing AI security investments over other security needs, signaling a shift in how organizations are allocating budgets in response to the accelerated adoption of AI. This year's research captures perspectives on cloud security challenges from nearly 3,200 respondents in 20 countries across a variety of seniority levels. 'With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption.' Cloud is now an essential part of modern enterprise infrastructure, but many organizations are still building the skills and strategies needed to secure it effectively. The variability of controls across cloud providers, combined with the distinct mindset required for cloud security, continues to challenge security teams. This pressure is only increasing as AI initiatives drive more sensitive data into cloud environments, amplifying the need for robust, adaptable protections. Article content This year's Thales Cloud Security Study confirms that cloud security remains a top concern for enterprises worldwide. Nearly two-thirds (64%) of respondents ranked it among their top five security priorities, with 17% identifying it as their number one. Security for AI, a new addition to the list of spending priorities this year, ranked second overall, highlighting its growing importance. Despite sustained investment, cloud security remains a complex, persistent challenge that goes beyond technology to include staffing, operations, and the evolving threat landscape. Article content 'The accelerating shift to cloud and AI is forcing enterprises to rethink how they manage risk at scale,' Sebastien Cano, Senior Vice President, Cyber Security Products at Thales,said. 'With over half of cloud data now classified as sensitive, and yet only a small fraction fully encrypted, it's clear that security strategies haven't kept pace with adoption. To remain resilient and competitive, organizations must embed strong data protection into the core of their digital infrastructure.' Article content The average number of public cloud providers per organization has risen to 2.1, with most also maintaining on-prem infrastructure. This growing complexity is driving security challenges with 55% of respondents reporting that cloud is harder to secure than on-prem, a 4-percentage-point increase from last year. As organizations expand through growth or M&A, they're also seeing a surge in SaaS usage, now averaging 85 applications per enterprise, complicating access control and data visibility. Article content This complexity extends to security operations, with many teams struggling to align policies across varied platforms. The study found that 61% of organizations use five or more tools for data discovery, monitoring, or classification, and 57% use five or more encryption key managers. Article content Attacks target cloud resources with human error remaining a top vulnerability Article content Cloud infrastructure is a prime target for attackers as organizations continue to struggle with securing increasingly complex environments. According to the 2025 Thales Cloud Security Study, four of the top five most targeted assets in reported attacks are cloud-based. The rise in access-based attacks, as reported by 68% of respondents, underscores growing concerns around stolen credentials and insufficient access controls. Meanwhile, 85% of organizations say at least 40% of their cloud data is sensitive, yet only 66% have implemented multifactor authentication (MFA), leaving critical data exposed. Compounding the issue, human error remains a major contributing factor in cloud security incidents, from misconfigurations to poor credential management. ' Article content A rising number of respondents report challenges in securing their cloud assets, an issue that is further amplified by the demands of AI projects that often operate in the cloud and require access to large volumes of sensitive data Article content ,' Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, said. ' Article content Compounding this issue, four of the top five targeted assets in reported attacks are cloud-based. In this environment, strengthening cloud security and streamlining operations are essential steps toward enhancing overall security effectiveness and resilience Article content .' Article content For more information, please download the full report and join our webinar hosted by Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research. About Thales Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion. Article content Article content Article content Article content Article content Contacts Article content PRESS Article content Thales, Media Relations Article content Article content Security & Cybersecurity Article content Article content Marion Bonnet Article content Article content Article content
Forbes
01-04-2025
- Business
- Forbes
Payment Orchestration: Market Dynamics And Trends
Multi-processor payment architectures are becoming more widespread, fueled by merchants' growing desire for payments flexibility and adaptability. Consider that 64% of US headquartered merchants with half or more of their sales occurring online indicate their organization prefers to work with multiple payment processors, according to 451 Research, part of S&P Global Market Intelligence. This is creating a need for capabilities to optimize results and, importantly, abstract complexity. Payment orchestration targets this market opportunity and has quickly become one of the most prolific and important merchant acceptance trends of the past half decade. The acceleration of e-commerce is creating a greater need for payment connectivity Payment orchestration encompasses approaches targeted at enhancing the reach, adaptability and performance of a multi-processor payments stack (e.g., using more than one payment processor). Once limited to only the biggest and most sophisticated global merchants with large in-house payments teams, dozens of vendors have emerged in recent years to help merchants outsource many if not all of the tasks associated with payment orchestration. Vendors in this category offer services such as payment credential vaulting and tokenization, transaction routing, consolidated reporting, prebuilt gateway integrations, rules engines, optimizers (e.g., 3-D Secure, network tokens), and more. As the CTO of a $500M+ beauty retailer in the UK put it to us, payment orchestration platforms "… allow the merchant to create efficiencies by managing and coordinating their payment stack and offering a unified view of their payments estate." Payment orchestration providers are coming at the opportunity from multiple different angles, including: Payments are becoming more global, more complex and more strategic. These factors bode well for the opportunity for payment orchestration. Looking ahead, we see several key trends defining the market. Recent moves by Stripe and to enable multi-processor support demonstrate that payment service providers are looking to position themselves as more flexible and accommodating suppliers in the eyes of large merchants. A key advantage of this strategy is expanding the market opportunity for their value-added services portfolios, as Stripe has done with Billing and Radar. This creates a larger market opportunity for PSPs to sell certain capabilities as standalone products, especially to enterprises that may not be ready to leave their incumbent processor. This then opens the door to upselling payment processing to those customers down the road. We expect multi-processor support to be offered more widely by PSPs and incumbent processors in coming years. We believe there could be a larger market opportunity for orchestration beyond payment processing. Adjacent categories such as fraud prevention, digital identity, logistics and open banking are all possible areas where payment orchestration platforms can broaden their role and value for merchants. Spreedly, for example, has already begun moving in this direction with its open payments platform vision. In recent years there have been some signs of consolidation. The first four notable deals in the space — PayU's acquisition of ZOOZ Mobile (2018), Payoneer's purchase of optile (2019), reach for ProcessOut (2020) and MangoPay's pickup of WhenThen (2023) — involve payment service providers getting into orchestration. However, TokenEx's acquisition of IXOPAY last April bucks the trend and indicates that other types of buyers aspire to participate more directly in this sector. We anticipate an uptick in payment orchestration M&A between now and the end of the decade given the number of subscale payment orchestration providers that will likely need an exit in the next 24 months. We also anticipate new entrants — PSPs, tokenization vendors and even large IT infrastructure providers — to consider making inroads inorganically by reaching for market leaders. Payment orchestration providers have a key role to play in helping merchants unify their payments data estate and deliver actionable guidance on their business. This remains a major challenge for many merchants. As the VP of e-commerce at a North American fashion retailer put it to us, "Right now, we don't have good data on how different payment methods are being used. Payment analyses are manual and one-off, leading to challenges identifying opportunities and road map priorities." Players like Pagos have emerged to address this opportunity directly, but we believe orchestration platforms will have a seat at the table as well. However, this could require orchestration providers to shift to a more modular approach where capabilities like analytics can stand alone independent from their platform. Advancements in areas like generative AI will have an obvious role to play in deepening capabilities in this arena.
Forbes
21-03-2025
- Business
- Forbes
The Human Factor: Redefining Cybersecurity In The Age Of AI
With 74% of breaches starting with people, securing the human layer is cybersecurity's most urgent ... More priority. It is a common mantra in cybersecurity that humans are the weakest link. It's a notion I often push back on, because it is generally used as a sort of tacit excuse for why cybersecurity tools or processes fail, but there is also an element of truth to it. One of the key takeaways from Verizon's 2024 Data Breach Investigations Report is that people are the problem. Not intentionally, of course—but whether by mistake, manipulation, or malicious intent, human actions or inactions played a role in 74% of breaches last year. That statistic should serve as a wake-up call for any organization still focused on hardening its networks while neglecting the individuals who interact with them. The report underscores what many security leaders have long suspected. Attackers aren't battering down firewalls or exploiting obscure technical vulnerabilities at scale anymore—they're exploiting people. And they're succeeding. The data paints a clear picture: errors, misuse of privileges, social engineering, and stolen credentials remain the top causes of breaches. It's not surprising when you consider today's work environment. Hybrid and remote work have expanded digital attack surfaces, forcing employees to juggle multiple communication and collaboration tools. Add in an onslaught of sophisticated phishing emails, fake login pages, and cleverly crafted pretexting attacks, and you have a recipe for disaster. 'Technology exists to serve people,' says Scott Crawford, information security research head at 451 Research, part of S&P Global Market Intelligence. 'But whenever they have the opportunity to interact with it, the potential exists that human activity can be manipulated for malicious ends.' And that manipulation is happening at scale. Social engineering campaigns, business email compromise, and credential theft are surging. Misconfigurations in cloud services—often due to human error or oversight—are creating unintentional gaps in security. Even well-intentioned employees can become an organization's weakest link. 'There is a 20-year-old Gartner prediction that human error would account for 75% of breaches,' notes Richard Stiennon, chief research analyst at IT-Harvest and author of 'Security Yearbook 2025.' 'It is not a surprise. So yeah, the simple stuff is exploited the most.' The growing body of evidence points to one conclusion: Organizations need to reinforce security where attackers are focusing—on people. This means going beyond traditional perimeter defenses and endpoint security. It requires an integrated strategy that protects email communications, secures collaboration platforms, and applies robust data loss prevention policies. In short, organizations need to secure the 'human layer'—the interface where people, technology, and data intersect. Scott Crawford emphasizes, 'The challenge with limiting risk is to do so without inhibiting technology's benefits. But there are a number of opportunities today. Education and awareness training can lay a foundation, but advances in behavioral analytics, authentication and multifactor techniques, and zero trust implementations can all help mitigate exposure.' That's why reinforcing the human layer doesn't stop with education alone. It includes embedding smarter defenses into the tools employees use every day, detecting risky behavior patterns, and automating threat response before human error leads to compromise. One example of how organizations are addressing this challenge comes from Proofpoint and Microsoft. The two companies announced an expanded global strategic alliance focused on reinforcing human-centric cybersecurity. At the heart of the partnership is Proofpoint's decision to move its platform to Microsoft Azure. By leveraging Azure's robust AI capabilities and trusted cloud infrastructure, Proofpoint plans to scale its ability to detect and neutralize threats aimed at users. The integration extends deep into Microsoft 365 and Microsoft Sentinel, allowing security teams to automate threat detection and response, enrich their analytics, and enhance data protection. 'Built on top of Microsoft Azure, we're delivering advanced, preventive protection for the most important layer in the cybersecurity ecosystem—the human layer,' explained Darren Lee, executive vice president and general manager of Proofpoint's Threat Protection Group, in a press release. With Nexus intelligence technologies, Proofpoint combines AI models, behavior analysis, and threat intelligence to proactively detect and neutralize risks. One of the critical components of the alliance is Proofpoint's Targeted Attack Protection, which integrates with Sentinel to provide enriched data for extended detection and response workflows. The partnership also tackles emerging risks from generative AI tools. These tools, while powerful productivity enhancers, introduce new data leakage concerns that traditional security controls struggle to manage. Proofpoint's platform includes DLP features designed to monitor and control the flow of sensitive data in generative AI contexts. Despite these advances, Richard Stiennon offers a reality check: 'Never lose sight of the fact that a targeted attack can get around any of the things deployed at the human layer.' This sobering truth highlights that while securing the human layer is critical, it's not a panacea. Advanced persistent threats, highly targeted spear-phishing campaigns, and insider threats will always require layered defenses, sophisticated detection, and rapid response capabilities. It's why comprehensive security strategies must balance prevention with detection and resilience. The reality is stark: nearly three-fourths of breaches involve human failure in some form. If cybersecurity strategies don't prioritize protecting the human layer, they're leaving the most exploited vector wide open. As Scott Crawford points out, 'As adversaries look to cast a wider net across potential human targets, the way people interact in processes such as IT service support also presents opportunities for organizations to learn from incidents and take advantage of new and emerging ways to increase awareness of potential threats.' The Proofpoint-Microsoft alliance is one example of the shift toward people-centric security—one that many organizations will need to follow. By combining AI, automation, and tight integrations with the tools employees rely on, they're providing a roadmap for reducing human risk and improving overall security posture. As attackers continue to evolve their tactics, organizations must do the same. Reinforcing security at the human layer isn't just a good idea; it's a business imperative.
