Is a data breach worse if it happens in the cloud? Given that a recent Ponemon Institute report is entitled “Data Breach: The Cloud Multiplier Effect,” it sounds like the answer is yes. But the report hints at another conclusion that’s at least as significant as any dollars-and-cents cost of a security breach: the generally low opinion held by IT folks about cloud security.
The report, conducted by the Ponemon Institute and sponsored by cloud-app analytics firm Netskope, tries to put numbers — even if self-estimated — on the cost of a data breach in the cloud. It finds that because of the way cloud resources are handled in some organizations, a data breach could be up to three times costlier if it happens in the cloud.
Ponemon assembled its data based on responses from more than 600 U.S.-based IT and IT security practitioners “who are familiar with their company’s usage of cloud services.” The three key takeaways:
1. Many of those surveyed don’t believe their companies are properly vetting cloud services for security.
2. Certain activities, such as a rapid expansion of operations, can boost the price tag for a data loss breach.
3. The costliest data breaches for high-value intellectual property occur when a company tries to bring its own cloud.
The respondents’ misgivings about security don’t stop at their employers; it covers cloud services too. Seventy-two percent believed their cloud service providers wouldn’t alert them to a data breach that involved the theft of confidential business data, and 71 percent believed the same would happen if customer data were stolen.
Beyond that, many organizations don’t feel they have enough of an insight into what data, or how much of it, is actually in the cloud. Although the metrics were self-estimated in this roundup, the report notes self-estimation may be unavoidable because some of those applications could fall under shadow IT.
Because data breaches aren’t all alike, the report asked the respondents about the likelihood of data breaches rising for various scenarios. The biggest response: 90 percent believed a breach would come when increasing backups and storage of sensitive or confidential data by 50 percent over a 12-month period. When boosting the use of cloud services by 50 percent over the same timeframe, the likelihood was 86 percent. Moving the data center from the United States to an offshore location, by contrast, only ranked at 65 percent. Again, these numbers are self-reported estimates and don’t come from analyses of actual breaches.