In 2013 the cloud computing market was worth more than US$131 billion, according to Gartner Inc., with huge growth still to come. With huge increases in the number of employees working from home, the convenience, cost-effectiveness and ease of administration of cloud application services mean enterprises are only going to rely more heavily on cloud applications in the future.
But besides the advantages of cloud computing, security considerations have to be weighed in the balance. A new survey of IT professionals has found that increased use of cloud services can triple the probability of a major data breach, and that the cost can be staggering.
Titled “Data Breach: The Cloud Multiplier Effect,” the study was conducted by the Ponemon Institute for cloud app analytics and policy enforcement vendor Netskope. The researchers polled more than 613 IT and security professionals.
Ponemon had already published research establishing a cost of more than US$200 for every customer record that is lost or stolen in a data breach. For large enterprise repositories containing hundreds of thousands of customer records, the cost of an incident quickly reaches into the tens of millions of dollars.
Disconcertingly, respondents in the new study said that a breach of that scale is three times more likely for enterprises that rely on cloud app services. The “cloud multiplier effect” translates to a three per cent higher risk of a data breach for every one per cent increase in the use of cloud services. As Netskope puts it, “this means that an organization using 100 cloud services would only need to add 25 more to increase the likelihood of a data breach by 75 per cent.”
Among the survey's findings:
- more than two-thirds of IT professionals surveyed believe their organization isn’t proactive in deciding which information is too sensitive to be stored in the cloud;
- sixty-two per cent say the cloud services used by their organization aren’t properly vetted for security before deployment;
- nearly three-quarters believe their cloud service provider wouldn’t even notify them immediately of a data breach involving the loss or theft of intellectual property or business confidential information;
- seventy-one per cent say they wouldn’t expect to receive immediate notification following a breach involving the loss or theft of customer data.
Respondents said that 45 per cent of all software applications used by their organizations are in the cloud, but that half of these aren’t even visible to IT administration. And while they estimated that 36 per cent of business-critical apps are also based in the cloud, IT lacks visibility into nearly half of them.
IT professionals believe high-value IP and customer data are less secure when the use of cloud services increases. They believe there’s not enough due diligence performed when implementing and monitoring enterprise security programs, they aren’t sure what the security practices of cloud service providers are, and things aren’t made any clearer by the fact that there are unknown cloud services in a network.
“We’ve been tracking the cost of a data breach for years but have never had the opportunity to look at the potential risks and economic impact that might come from cloud in particular,” said Dr. Larry Ponemon, chair and founder of Ponemon Institute, in announcing the survey results. “It’s fascinating that the perceived risk and economic impact is so high when it comes to cloud app usage.”
Sanjay Beri, CEO and founder of Netskope, added that “the report shows that while there are many enterprise-ready apps available today, the uncertainty from risky apps is stealing the show for IT and security professionals. Rewriting this story requires contextual knowledge about how these apps are being used and an effective way of mitigating risk.”