There is widespread mistrust of cloud providers across Europe with seven in 10 businesses accusing them of failing to comply with laws and regulations on data protection and privacy.
The finding was revealed in a new study entitled 'Data Breach: The Cloud Multiplier Effect in European Countries,' commissioned by cloud security specialist Netskope. The aim of the study was to gauge how IT perceives cloud security and if they believed cloud would increase the probability of a data breach.
> See also: New EU data laws to include 24hr breach notification
The study shows that 53% of respondents said the likelihood of a data breach increases due to the cloud, and the Ponemon Institute study also found that data breaches increase the expected economic impact by as much as three times when they involve the cloud. This phenomenon is known as the 'cloud multiplier effect,' and the research found this applies to varying degrees in accordance with different cloud scenarios, such as increased data sharing from cloud apps or increased use of mobile devices to connect to cloud.
Cloud worsens the economic impact of data breaches
Using a previously established cost of €136 per compromised record, the loss or theft of 100,000 customer records would cost an organisation €13.6M. But when survey respondents were asked about the potential repercussions from increased usage of cloud services, their lack of trust pushes them to triple the probability of a data breach.
Assuming an increase in cloud storage, the estimated probability of a data breach involving the loss or theft of high value information or intellectual property goes up by 126%. In addition, respondents perceived that simply increasing the use of any cloud services causes the impact of a data breach of the same type to go up by 159%.
Finally, IT professionals concluded that rapid vendor growth and volatility of a cloud provider could increase the probability of a data breach involving the loss of 100,000 customer records or more by 108%.
The research uncovered widespread mistrust of cloud providers. In addition to the 72% of respondents indicating they believe that cloud providers fail to comply with data protection laws and regulations, 84% of respondents also doubted that their cloud service providers would notify them immediately if their intellectual property or business confidential information were breached
77% of those questioned claimed that their cloud providers would not notify their organisation immediately if they had a data breach involving the loss or theft of customer data.
64% of IT pros think that their organisation’s use of cloud services reduces its ability to protect confidential information and 59% believe it makes it difficult to secure business-critical applications. In contrast, the majority of respondents still considered cloud to be equally secure or more secure than on-premises IT, which perhaps indicates more about their lack of confidence in their on-premises security tools than it does about their confidence in the security capabilities of cloud providers.
> See also: Keys to the castle: encryption in the cloud
'This study proves that some companies are struggling with shadow IT and need much more visibility into what data and apps are being accessed in the cloud and guidance on how they should analyse vendors,' said Sanjay Beri, chief executive officer and co-founder of Netskope.
'We all know that cloud can offer productivity gains, but these shouldn’t come at the expense of security. Our respondents agreed that cloud has the potential to be more secure than on-premises IT, but this is only true if they have policy enforcement capabilities coupled with deep contextual visibility into cloud transactions — especially those involving sensitive data.'