Ponemon Report Connects Cloud Service Use to Higher Breach Costs

Companies' use of cloud services will likely lead to higher costs from data breaches, according to a survey conducted by the Ponemon Institute.

Data Breach

Information technology and security professionals believe that the increasing use of cloud services in business can raise the potential cost of data breaches by as much as 200 percent, according to a survey and analysis conducted by the Ponemon Institute.

The survey, sponsored by cloud-management firm Netskope, found that IT staff and managers who report directly to the CIO believe that their lack of knowledge about employees' use of cloud services puts enterprise data at risk.

The analysis measured the degree to which the 631 respondents believed nine different cloud trends impacted the risk to business data. The trends varied from an increase in data backed up to the cloud to a greater number of employees using consumer-level cloud services in the workplace.

IT security staff "agree that a large percentage of data is out of their control," Sanjay Beri, CEO and founder of Netskope, told eWEEK. "They don't have any visibility or awareness, and they don't have the most basic controls."

The Ponemon Institute survey gauged the confidence that IT security practitioners had in their company's use of the cloud and whether data stored in cloud services was safe. Almost 70 percent of companies do not proactively classify their company's data before deciding whether to store it in the cloud or not. Without that information, more than half of the respondents believed the use of cloud increases the risk to their data, while only 14 percent responded that business data was safer in the cloud.

The survey found that 45 percent of all software applications used by organizations have migrated to the cloud, but half of those cloud services are not visible to the IT department.

The Ponemon Institute used nine likely trends to measure the impact that the cloud might have on data loss. Using trends such as whether the number of devices accessing the cloud increased by half or that a primary cloud provider fails an audit, the survey asked respondents whether such a scenario would increase risk. The Ponemon Institute used the responses to calculate the expected loss of each trend.

While the loss of 100,000 customer records is expected to cost a company $2.37 million on average, a business that moves 50 percent more data into a cloud backup service could expect that loss to increase to $7.34 million in the worst case. Increasing use of cloud services had a lesser impact on the cost of sensitive records lost, as opposed to consumer data, according to the Ponemon report.

"This report is not about, 'Oh no, the cloud is so horrible,'" Beri said. "It is about where are enterprises in the adoption of cloud solutions and services, and where can they mitigate their risks."

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...