Cloud Security: Provider Mistrust

Wednesday, September 17, 2014 @ 05:09 PM gHale


Cloud and security. Right now, they are not working perfectly together.

That is because there is a widespread mistrust of cloud providers across Europe with seven in 10 businesses accusing them of failing to comply with laws and regulations on data protection and privacy, according to report by Netskope and The Ponemon Institute.

With the cloud becoming more pervasive, that is a not a good sign coming from the user community.

RELATED STORIES
Cloud Hosts Linux DDoS Trojans
DDoS Attacks Growing, Cloud a Target
Cloud Botnets able to Mine Coin
Malware Threat Targets Linux, Unix

The study shows 53 percent of respondents said the likelihood of a data breach increases due to the cloud, and the Ponemon Institute study also found data breaches increase the expected economic impact by as much as three times when they involve the cloud.

This is the “cloud multiplier effect,” and the research found this applies to varying degrees in accordance with different cloud scenarios, such as increased data sharing from cloud apps or increased use of mobile devices to connect to cloud.

Using a previously established cost of $175 (€136) per compromised record, the loss or theft of 100,000 customer records would cost an organization $17.5 million (€13.6M). But when the survey asked about the potential repercussions from increased usage of cloud services, respondents’ lack of trust pushes them to triple the probability of a data breach.

Assuming an increase in cloud storage, the estimated probability of a data breach involving the loss or theft of high value information or intellectual property goes up by 126 percent. In addition, respondents perceived that simply increasing the use of any cloud services causes the impact of a data breach of the same type to go up by 159 percent. Finally, IT professionals concluded that rapid vendor growth and volatility of a cloud provider could increase the probability of a data breach involving the loss of 100,000 customer records or more by 108 percent.

The research found widespread mistrust of cloud providers:
• 84 percent of respondents also doubted their cloud service providers would notify them immediately if their intellectual property or business confidential information ended up breached.
• 77 percent of those questioned said their cloud providers would not notify their organization immediately if they had a data breach involving the loss or theft of customer data.

In addition, 64 percent of IT pros think their organization’s use of cloud services reduces its ability to protect confidential information and 59 percent believe it makes it difficult to secure business-critical applications. In contrast, the majority of respondents still considered cloud to be equally secure or more secure than on-premises IT.

“This study proves that some companies are struggling with shadow IT and need much more visibility into what data and apps are being accessed in the cloud and guidance on how they should analyze vendors,” said Sanjay Beri, chief executive officer and co-founder of Netskope.

“We all know that cloud can offer productivity gains, but these shouldn’t come at the expense of security,” Beri said. “Our respondents agreed that cloud has the potential to be more secure than on-premises IT, but this is only true if they have policy enforcement capabilities coupled with deep contextual visibility into cloud transactions — especially those involving sensitive data.”

Comparing the results of this study with a previous Netskope and Ponemon Institute study, which investigated the cloud multiplier effect in the U.S., European organizations are more confident in their ability to secure the cloud. 51 percent of U.S. respondents said their organization’s effectiveness in securing data and applications was “low,” double the percentage of European respondents who felt the same (25 percent).

Likewise, 52 percent of European IT professionals rated their organization’s effectiveness as “high” but only 26 percent of U.S. respondents agreed their organization was highly effective at securing data and apps in the cloud.

“I suspect that the low vote of confidence in cloud vendors we’re seeing is due to this heightened scrutiny and a ‘fear of the unknown,’” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “Overcoming this takes a better understanding of a vendor’s security precautions and how people are using the cloud in the first place. Businesses that demand more vendor transparency and seek efficient methods for evaluating apps and directing usage will find it easier to embrace the cloud and move past this period of uncertainty.”



Leave a Reply

You must be logged in to post a comment.