72% of businesses don’t trust cloud vendors
There is widespread mistrust of cloud providers across Europe with seven in 10 businesses accusing them of failing to comply with laws and regulations on data protection and privacy, according to Netskope and The Ponemon Institute.
The study shows that 53% of respondents said the likelihood of a data breach increases due to the cloud, and the Ponemon Institute study also found that data breaches increase the expected economic impact by as much as three times when they involve the cloud.
This phenomenon is known as the “cloud multiplier effect,” and the research found this applies to varying degrees in accordance with different cloud scenarios, such as increased data sharing from cloud apps or increased use of mobile devices to connect to cloud.
Using a previously established cost of €136 per compromised record, the loss or theft of 100,000 customer records would cost an organisation €13.6M. But when survey respondents were asked about the potential repercussions from increased usage of cloud services, their lack of trust pushes them to triple the probability of a data breach.
Assuming an increase in cloud storage, the estimated probability of a data breach involving the loss or theft of high value information or intellectual property goes up by 126%. In addition, respondents perceived that simply increasing the use of any cloud services causes the impact of a data breach of the same type to go up by 159%. Finally, IT professionals concluded that rapid vendor growth and volatility of a cloud provider could increase the probability of a data breach involving the loss of 100,000 customer records or more by 108%.
The research found widespread mistrust of cloud providers:
- In addition to the 72% of respondents indicating they believe that cloud providers fail to comply with data protection laws and regulations, 84% of respondents also doubted that their cloud service providers would notify them immediately if their intellectual property or business confidential information were breached
- 77% of those questioned claimed that their cloud providers would not notify their organisation immediately if they had a data breach involving the loss or theft of customer data.
64% of IT pros think that their organisation’s use of cloud services reduces its ability to protect confidential information and 59% believe it makes it difficult to secure business-critical applications. In contrast, the majority of respondents still considered cloud to be equally secure or more secure than on-premises IT, which perhaps indicates more about their lack of confidence in their on-premises security tools than it does about their confidence in the security capabilities of cloud providers.
“This study proves that some companies are struggling with shadow IT and need much more visibility into what data and apps are being accessed in the cloud and guidance on how they should analyse vendors,” said Sanjay Beri, chief executive officer and co-founder of Netskope. “We all know that cloud can offer productivity gains, but these shouldn’t come at the expense of security. Our respondents agreed that cloud has the potential to be more secure than on-premises IT, but this is only true if they have policy enforcement capabilities coupled with deep contextual visibility into cloud transactions — especially those involving sensitive data.”
Europe and the US: how we compare
Comparing the results of this study with a previous Netskope and Ponemon Institute study, which investigated the cloud multiplier effect in the US, European organisations are more confident in their ability to secure the cloud. 51% of US respondents claimed that their organisation’s effectiveness in securing data and applications was “low,” double the percentage of European respondents who felt the same (25%).
Likewise, 52% of European IT professionals rated their organisation’s effectiveness as “high” but only 26% of US respondents agreed that their organisation was highly effective at securing data and apps in the cloud.
“Data protection laws and regulations are certainly getting a hard look these days, and this is especially true in Europe,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “I suspect that the low vote of confidence in cloud vendors we’re seeing is due to this heightened scrutiny and a “fear of the unknown.’ Overcoming this takes a better understanding of a vendor’s security precautions and how people are using the cloud in the first place. Businesses that demand more vendor transparency and seek efficient methods for evaluating apps and directing usage will find it easier to embrace the cloud and move past this period of uncertainty.”