Ponemon: Cloud Apps Can Triple Data Breach Costs and Frequency


Businesses of all sizes are moving to the cloud to reduce costs and improve productivity across a range of business-critical applications. But as much of a boon as the model may be operationally, security professionals expect cloud services, as they pervade the enterprise, to significantly multiply the likelihood and economic impact of data breaches, by as much as three times.

A Ponemon Institute survey on the "cloud multiplier effect," commissioned by Netskope, showed that respondents estimate that every 1% increase in the use of cloud services will result in a 3% higher probability of a data breach. This means that an organization using 100 cloud services would only need to add 25 more to increase the likelihood of a data breach by 75%.

Given Ponemon’s May 2014 Cost of a Data Breach study that established an average cost of $201.18 per lost or stolen customer record, the financial ramifications could be staggering. For a data breach involving 100,000 or more customer records, the cost would come to just over $20 million.

“Imagine then if the probability of that data breach were to triple simply because you increased your use of the cloud,” said Sanjay Beri, CEO and founder of Netskope, in a statement. “That’s what enterprise IT folks are coming to grips with, and they’ve started to recognize the need to align their security programs to account for it.”

However, the survey also reveals that the scope of usage and responsibility for securing cloud services remains largely unknown among IT. Respondents believe that 45% of all software applications used by organizations are in the cloud, but exactly half (22.5%) of these applications are not visible to IT. When it comes to business critical apps, respondents estimate that 36% of them are now based in the cloud, yet IT lacks visibility into nearly half of those.

“Rewriting this story requires contextual knowledge about how these apps are being used and an effective way of mitigating risk,” Beri said.

Across the board, respondents said they believe there is a lack of due diligence in the implementation and monitoring of security programs within companies and have uncertainty about cloud service provider security practices, while recognizing that there are unknown cloud services in a network. This all leads to the general perception that the probability of a data breach is increasing in today’s IT environment.

In fact, more than two-thirds (69%) of respondents believe that their organization is not proactive in assessing information that is too sensitive to be stored in the cloud. And 62% of respondents believe the cloud services in use by their organization are not thoroughly vetted for security before deployment.

Further, almost three-quarters (72%) of respondents believe their cloud service provider would not notify them immediately if they had a data breach involving the loss or theft of their intellectual property or business confidential information, and 71% believe they would not receive immediate notification following a breach involving the loss or theft of customer data.

“We’ve been tracking the cost of a data breach for years but have never had the opportunity to look at the potential risks and economic impact that might come from cloud in particular,” said Larry Ponemon, chairman and founder of Ponemon Institute. “It’s fascinating that the perceived risk and economic impact is so high when it comes to cloud app usage. We’ll be interested to see how these perceptions change over time.”
