IT people need to beef up their opinions about cloud security, says a recent report by the Ponemon Institute called “Data Breach: The Cloud Multiplier Effect.”
The report put together data from the responses of over 600 IT and IT security people in the U.S. The report has three observations:
- Many of the respondents don’t think that their companies are adequately inspecting cloud services for security.
- The cost of a data breach can be pricey.
- When a business attempts to bring its own cloud, this is the costliest for high value intellectual property.
- 72% of the participants thought that their cloud service providers would fail to notify them of a breach if it involved theft of sensitive company data.
- 71% believed this would be the same outcome for customer data breaches.
Many company decision makers don’t think they have a whole lot of understanding into how much data or what kind is stored in a cloud.
- 90% thought that a breach could result when backups and storage of classified data were increased by 50 percent over a period of 12 months.
- 65% believed that if the data center were moved from the U.S. to a location offshore, a breach could result.
All of these findings mentioned here are the result of self-estimations rather than objective analysis of real breaches.
Ponemon also determined that if a breach involved at least 100,000 records of stolen personal data, the economic impact could jump from an average of $2.4 million to $4 million, up to $7.3 million. For a breach of confidential or high-value IP data, the impact would soar from $3 million to $5.4 million.
In addition to the self-reporting loophole, the report had a low response rate: Only 4.2 percent of the targeted 16,330 people responded, and in the end, only 3.8 percent were actually used. Nevertheless, you can’t ignore that even self-estimated attitudes paint a dismal picture of how cloud security is regarded.