There is widespread mistrust of cloud providers across Europe, according to a survey. Some seven in ten businesses accusing the suppliers of failing to comply with laws and regulations on data protection and privacy.
The finding was in a study titled “Data Breach: The Cloud Multiplier Effect in European Countries.” Ponemon Institute surveyed 1,059 IT and IT security professionals across Europe. For the full methodology, you can download a free copy of the report from the Netskope website.
The study by the Ponemon Institute was commissioned by Netskope, which launched in September headed by Eduard Meelhuysen, VP of Netskope EMEA. The aim of the study was to gauge how IT perceives cloud security and if they believed cloud would increase the probability of a data breach.
The study suggeted that 53pc of respondents said the likelihood of a data breach increases due to the cloud. Also, data breaches increase the expected economic impact by as much as three times when they involve the cloud. This phenomenon is known as the “cloud multiplier effect,” and the research found this applies to varying degrees in accordance with different cloud scenarios, such as data sharing from cloud apps or use of mobile devices to connect to cloud.
Impact of data breaches
Using a previously established cost of 136 euros per compromised record, the loss or theft of 100,000 customer records would cost an organisation 13.6m euros. But when survey respondents were asked about the potential repercussions from increased usage of cloud services, their lack of trust pushes them to triple the probability of a data breach.
Assuming an increase in cloud storage, the estimated probability of a data breach involving the loss or theft of high value information or intellectual property goes up by 126 per cent. Respondents perceived that simply increasing the use of any cloud services causes the impact of a data breach of the same type to go up by 159pc. Finally, IT people concluded that rapid vendor growth and volatility of a cloud provider could increase the probability of a data breach involving the loss of 100,000 customer records or more by 108pc.
The research found widespread mistrust of cloud providers:
– In addition to the 72pc of respondents indicating they believe that cloud providers fail to comply with data protection laws and regulations, 84pc of respondents also doubted that their cloud service providers would notify them immediately if their intellectual property or business confidential information were breached;
– 77 per cent of those questioned claimed that their cloud providers would not notify their organisation immediately if they had a data breach involving the loss or theft of customer data.
– 64pc of IT people think that their organisation’s use of cloud services reduces its ability to protect confidential information and
– 59pc believe it makes it difficult to secure business-critical applications. In contrast, the majority of respondents still considered cloud to be equally secure or more secure than on-premises IT, which perhaps indicates more about their lack of confidence in their on-premises security tools than it does about their confidence in the security capabilities of cloud providers.
Sanjay Beri, chief executive officer and co-founder of Netskope, said: “This study proves that some companies are struggling with shadow IT and need much more visibility into what data and apps are being accessed in the cloud and guidance on how they should analyse vendors. We all know that cloud can offer productivity gains, but these shouldn’t come at the expense of security. Our respondents agreed that cloud has the potential to be more secure than on-premises IT, but this is only true if they have policy enforcement capabilities coupled with deep contextual visibility into cloud transactions — especially those involving sensitive data.”
Europe and the US
Comparing the results of this study with a previous Netskope and Ponemon Institute study, which investigated the cloud multiplier effect in the US, European organisations are more confident in their ability to secure the cloud. About half, 51pc of US respondents claimed that their organisation’s effectiveness in securing data and applications was “low,” double the European respondents who felt the same (25pc).
Likewise, 52pc of European IT people rated their organisation’s effectiveness as “high” but only 26pc of US respondents agreed that their organisation was highly effective at securing data and apps in the cloud.
Dr Larry Ponemon, chairman and founder of Ponemon Institute, said: “Data protection laws and regulations are certainly getting a hard look these days, and this is especially true in Europe. I suspect that the low vote of confidence in cloud vendors we’re seeing is due to this heightened scrutiny and a ‘fear of the unknown.’ Overcoming this takes a better understanding of a vendor’s security precautions and how people are using the cloud in the first place. Businesses that demand more vendor transparency and seek efficient methods for evaluating apps and directing usage will find it easier to embrace the cloud and move past this period of uncertainty.”
Visit http://www.netskope.com/reports/europe-ponemon-2014-data-breach-cloud-multiplier-effect.
