Skip to main content

Managing Cloud Sovereignty and Security in a Multi-Cloud World

Todd Moore
Thales

In 2023, cloud computing has become commonplace across tech and non-tech organizations around the world. Over the past two years, it has cut out the middleman — expensive local infrastructure needed for computer applications — and has accelerated the growth of some of the most significant recent technological advances, including driving major improvements in artificial intelligence (AI), the Internet of Things (IoT), and remote and hybrid working.

But are organizations prepared for public clouds?


According to the 2023 Thales Cloud Security Study, which surveyed nearly 3000 respondents across 18 countries, over three-quarters of respondents now rely on more than one cloud provider. The average organization uses 2.26 infrastructure providers, a 35% increase since 2021. In 2021, 16% of respondents' organizations used 51-100 SaaS applications; by 2023, this percentage increased to 22% for 97 average SaaS applications.

So what's the problem?

Multi-cloud adoption is becoming increasingly complex — and most organizations are failing to keep up.

Cloud complexity

Multicloud adoption has brought operational complexity, making the management and security of data in the cloud more difficult. Between 2021–2023, the number of respondents feeling the effects of this complexity arose from 46% to 55%.

This makes more sense when you consider the way organizations choose to store encryption keys. Only 14% of respondents said they controlled all their encryption keys in their cloud environment, while nearly two-thirds said they used five or more key management systems, which is difficult to believe from a complexity perspective. It's no wonder organizations are struggling to keep track of their data.

Cloud data concerns

There is more data stored in the cloud than ever. However, more interesting is how much more sensitive data organizations are storing in the cloud. Three-quarters of respondents report that 40% of their data is sensitive, a 16% increase since 2021.

However, many organizations still aren't giving cloud security the necessary attention. Less than half of their overall cloud data is encrypted, and only 22% of respondents reported that more than 60% of their cloud data is encrypted. It's undeniable that organizations need to improve their cloud security.

The cloud threat landscape

The cloud threat landscape is not immune to today's cybersecurity concerns. The number of organizations that experienced a breach in the past grew 4% from 2021 (35%) to now (39%). Even more concerning, nearly half of respondents said they had experienced a data breach in their cloud environment.

Data sovereignty challenges

Cloud data sovereignty is the concept that data stored in the cloud is subject to the laws and regulations of the country or other jurisdiction. While data sovereignty represents an opportunity for organizations to undergo digital transformation, it also brings significant cloud security challenges. More than 80% of respondents said they were "somewhat" or "very" concerned about data sovereignty impacts on their cloud deployments.

Looking Forward

Organizations shifting to cloud computing must move away from complexity and embrace easy-to-manage cloud services and data protection. It is also imperative that they account for the human factor, i.e., human errors and misconfigurations that risk cloud and company security. The cloud is an extension of your infrastructure and must be treated this way if organizations intend to optimize its security and value. As companies use more cloud services and store more sensitive data in the cloud, they will gain operational and financial advantages and thrive in a competitive market.

Todd Moore is VP Data Security Products at Thales

Hot Topics

The Latest

The prevention of data center outages continues to be a strategic priority for data center owners and operators. Infrastructure equipment has improved, but the complexity of modern architectures and evolving external threats presents new risks that operators must actively manage, according to the Data Center Outage Analysis 2025 from Uptime Institute ...

As observability engineers, we navigate a sea of telemetry daily. We instrument our applications, configure collectors, and build dashboards, all in pursuit of understanding our complex distributed systems. Yet, amidst this flood of data, a critical question often remains unspoken, or at best, answered by gut feeling: "Is our telemetry actually good?" ... We're inviting you to participate in shaping a foundational element for better observability: the Instrumentation Score ...

We're inching ever closer toward a long-held goal: technology infrastructure that is so automated that it can protect itself. But as IT leaders aggressively employ automation across our enterprises, we need to continuously reassess what AI is ready to manage autonomously and what can not yet be trusted to algorithms ...

Much like a traditional factory turns raw materials into finished products, the AI factory turns vast datasets into actionable business outcomes through advanced models, inferences, and automation. From the earliest data inputs to the final token output, this process must be reliable, repeatable, and scalable. That requires industrializing the way AI is developed, deployed, and managed ...

Almost half (48%) of employees admit they resent their jobs but stay anyway, according to research from Ivanti ... This has obvious consequences across the business, but we're overlooking the massive impact of resenteeism and presenteeism on IT. For IT professionals tasked with managing the backbone of modern business operations, these numbers spell big trouble ...

For many B2B and B2C enterprise brands, technology isn't a core strength. Relying on overly complex architectures (like those that follow a pure MACH doctrine) has been flagged by industry leaders as a source of operational slowdown, creating bottlenecks that limit agility in volatile market conditions ...

FinOps champions crucial cross-departmental collaboration, uniting business, finance, technology and engineering leaders to demystify cloud expenses. Yet, too often, critical cost issues are softened into mere "recommendations" or "insights" — easy to ignore. But what if we adopted security's battle-tested strategy and reframed these as the urgent risks they truly are, demanding immediate action? ...

Two in three IT professionals now cite growing complexity as their top challenge — an urgent signal that the modernization curve may be getting too steep, according to the Rising to the Challenge survey from Checkmk ...

While IT leaders are becoming more comfortable and adept at balancing workloads across on-premises, colocation data centers and the public cloud, there's a key component missing: connectivity, according to the 2025 State of the Data Center Report from CoreSite ...

A perfect storm is brewing in cybersecurity — certificate lifespans shrinking to just 47 days while quantum computing threatens today's encryption. Organizations must embrace ephemeral trust and crypto-agility to survive this dual challenge ...

Managing Cloud Sovereignty and Security in a Multi-Cloud World

Todd Moore
Thales

In 2023, cloud computing has become commonplace across tech and non-tech organizations around the world. Over the past two years, it has cut out the middleman — expensive local infrastructure needed for computer applications — and has accelerated the growth of some of the most significant recent technological advances, including driving major improvements in artificial intelligence (AI), the Internet of Things (IoT), and remote and hybrid working.

But are organizations prepared for public clouds?


According to the 2023 Thales Cloud Security Study, which surveyed nearly 3000 respondents across 18 countries, over three-quarters of respondents now rely on more than one cloud provider. The average organization uses 2.26 infrastructure providers, a 35% increase since 2021. In 2021, 16% of respondents' organizations used 51-100 SaaS applications; by 2023, this percentage increased to 22% for 97 average SaaS applications.

So what's the problem?

Multi-cloud adoption is becoming increasingly complex — and most organizations are failing to keep up.

Cloud complexity

Multicloud adoption has brought operational complexity, making the management and security of data in the cloud more difficult. Between 2021–2023, the number of respondents feeling the effects of this complexity arose from 46% to 55%.

This makes more sense when you consider the way organizations choose to store encryption keys. Only 14% of respondents said they controlled all their encryption keys in their cloud environment, while nearly two-thirds said they used five or more key management systems, which is difficult to believe from a complexity perspective. It's no wonder organizations are struggling to keep track of their data.

Cloud data concerns

There is more data stored in the cloud than ever. However, more interesting is how much more sensitive data organizations are storing in the cloud. Three-quarters of respondents report that 40% of their data is sensitive, a 16% increase since 2021.

However, many organizations still aren't giving cloud security the necessary attention. Less than half of their overall cloud data is encrypted, and only 22% of respondents reported that more than 60% of their cloud data is encrypted. It's undeniable that organizations need to improve their cloud security.

The cloud threat landscape

The cloud threat landscape is not immune to today's cybersecurity concerns. The number of organizations that experienced a breach in the past grew 4% from 2021 (35%) to now (39%). Even more concerning, nearly half of respondents said they had experienced a data breach in their cloud environment.

Data sovereignty challenges

Cloud data sovereignty is the concept that data stored in the cloud is subject to the laws and regulations of the country or other jurisdiction. While data sovereignty represents an opportunity for organizations to undergo digital transformation, it also brings significant cloud security challenges. More than 80% of respondents said they were "somewhat" or "very" concerned about data sovereignty impacts on their cloud deployments.

Looking Forward

Organizations shifting to cloud computing must move away from complexity and embrace easy-to-manage cloud services and data protection. It is also imperative that they account for the human factor, i.e., human errors and misconfigurations that risk cloud and company security. The cloud is an extension of your infrastructure and must be treated this way if organizations intend to optimize its security and value. As companies use more cloud services and store more sensitive data in the cloud, they will gain operational and financial advantages and thrive in a competitive market.

Todd Moore is VP Data Security Products at Thales

Hot Topics

The Latest

The prevention of data center outages continues to be a strategic priority for data center owners and operators. Infrastructure equipment has improved, but the complexity of modern architectures and evolving external threats presents new risks that operators must actively manage, according to the Data Center Outage Analysis 2025 from Uptime Institute ...

As observability engineers, we navigate a sea of telemetry daily. We instrument our applications, configure collectors, and build dashboards, all in pursuit of understanding our complex distributed systems. Yet, amidst this flood of data, a critical question often remains unspoken, or at best, answered by gut feeling: "Is our telemetry actually good?" ... We're inviting you to participate in shaping a foundational element for better observability: the Instrumentation Score ...

We're inching ever closer toward a long-held goal: technology infrastructure that is so automated that it can protect itself. But as IT leaders aggressively employ automation across our enterprises, we need to continuously reassess what AI is ready to manage autonomously and what can not yet be trusted to algorithms ...

Much like a traditional factory turns raw materials into finished products, the AI factory turns vast datasets into actionable business outcomes through advanced models, inferences, and automation. From the earliest data inputs to the final token output, this process must be reliable, repeatable, and scalable. That requires industrializing the way AI is developed, deployed, and managed ...

Almost half (48%) of employees admit they resent their jobs but stay anyway, according to research from Ivanti ... This has obvious consequences across the business, but we're overlooking the massive impact of resenteeism and presenteeism on IT. For IT professionals tasked with managing the backbone of modern business operations, these numbers spell big trouble ...

For many B2B and B2C enterprise brands, technology isn't a core strength. Relying on overly complex architectures (like those that follow a pure MACH doctrine) has been flagged by industry leaders as a source of operational slowdown, creating bottlenecks that limit agility in volatile market conditions ...

FinOps champions crucial cross-departmental collaboration, uniting business, finance, technology and engineering leaders to demystify cloud expenses. Yet, too often, critical cost issues are softened into mere "recommendations" or "insights" — easy to ignore. But what if we adopted security's battle-tested strategy and reframed these as the urgent risks they truly are, demanding immediate action? ...

Two in three IT professionals now cite growing complexity as their top challenge — an urgent signal that the modernization curve may be getting too steep, according to the Rising to the Challenge survey from Checkmk ...

While IT leaders are becoming more comfortable and adept at balancing workloads across on-premises, colocation data centers and the public cloud, there's a key component missing: connectivity, according to the 2025 State of the Data Center Report from CoreSite ...

A perfect storm is brewing in cybersecurity — certificate lifespans shrinking to just 47 days while quantum computing threatens today's encryption. Organizations must embrace ephemeral trust and crypto-agility to survive this dual challenge ...