Cloud computing triples probability of major data breach: survey

In 2013 the cloud computing market was worth more than US$131 billion, according to Gartner Inc., with huge growth still to come. With huge increases in the number of employees working from home, the convenience, cost effectiveness and ease of administration of cloud application services means enterprises are only going to rely more heavily on cloud applications in the future.

But besides the advantages of cloud computing, security considerations have to be weighed in the balance. A new survey of IT professionals has found that increased use of cloud services can triple the probability of a major data breach, and that the cost can be staggering.

Titled “Data Breach: The Cloud Multiplier Effect,” the study was conducted by the Ponemon Institute for cloud app analytics and policy enforcement vendor Netskope. The researchers polled more than 613 IT and security professionals.

Ponemon had already published research establishing a cost of more than US$200 for every customer record that is lost or stolen in a data breach. For large enterprise repositories containing hundreds of thousands of customer records, the cost of an incident quickly reaches into the tens of millions of dollars.

Disconcertingly, respondents in the new study said that a breach of that scale is three times more likely for enterprises that rely on cloud app services. The “cloud multiplier effect” translates to a three per cent higher risk of a data breach for every one per cent increase in the use of cloud services. As Netskope puts it, “this means that an organization using 100 cloud services would only need to add 25 more to increase the likelihood of a data breach by 75 per cent.”

Other findings:

  • more than two-thirds of IT professionals surveyed believe their organization isn’t proactive in deciding which information is too sensitive to be stored in the cloud;
  • sixty-two per cent say the cloud services used by their organization aren’t properly vetted for security before deployment;
  • nearly three-quarters believe their cloud service provider wouldn’t even notify them immediately of a data breach involving the loss or theft of intellectual property or business confidential information;
  • seventy-one per cent say they wouldn’t expect to receive immediate notification following a breach involving the loss or theft of customer data.

Respondents said that 45 per cent of all software applications used by their organizations are in the cloud, but that half of these aren’t even visible to IT administration. And while they estimated that 36 per cent of business-critical apps are also based in the cloud, IT lacks visibility into nearly half of them.

IT professionals believe high-value IP and customer data are less secure when the use of cloud services increases. They believe there’s not enough due diligence performed when implementing and monitoring enterprise security programs, they aren’t sure what the security practices of cloud service providers are, and things aren’t made any clearer by the fact that there are unknown cloud services in a network.

“We’ve been tracking the cost of a data breach for years but have never had the opportunity to look at the potential risks and economic impact that might come from cloud in particular,” said Dr. Larry Ponemon, chair and founder of Ponemon Institute, in announcing the survey results. “It’s fascinating that the perceived risk and economic impact is so high when it comes to cloud app usage.”

Sanjay Beri, CEO and founder of Netskope, added that “the report shows that while there are many enterprise-ready apps available today, the uncertainty from risky apps is stealing the show for IT and security professionals. Rewriting this story requires contextual knowledge about how these apps are being used and an effective way of mitigating risk.”


Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Andrew Brooks
Andrew Brooks
Andrew Brooks is managing editor of IT World Canada. He has been a technology journalist and editor for 20 years, including stints at Technology in Government, Computing Canada and other publications.

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now