Most European businesses don’t trust cloud providers to comply with data protection laws
Wed 17 Sep 2014
A mistrust of cloud vendors exists among European companies with seven out of 10 businesses accusing them of failing to obey data protection regulations, a survey has found.
The study, entitled “Data Breach: The Cloud Multiplier Effect in European Countries”, was conducted by the Ponemon Institute, and sponsored by Netskope, cloud enablement specialists. The survey captured responses from 1,059 IT and IT security practitioners across 16 European countries, including the UK, France, and Germany.
The aim of the survey and subsequent report was to identify how cloud security is perceived in IT, and if participants believed that cloud usage would increase the probability and economic impact of a data breach, in what is known as the “cloud multiplier effect.”
The study revealed that 53% of those surveyed thought that cloud would increase the likelihood of a data breach. The research also found that a data breach which involved cloud, would increase the estimated financial impact by up to three times. This applied to different cloud scenarios, including increased data sharing over cloud applications and increased deployment of BYOD.
Using a previously estimated cost of €136 per compromised record, the loss of 100,000 customer records would cost a business €13.6mn. However, when asked about potential repercussions from increasing cloud technology usage, the respondents’ mistrust pushed them to triple this estimate to €39mn.
The study also revealed that if there is an increase in cloud storage, the predicted likelihood of a data breach of high value information or intellectual property rose by 126%.
In addition to the 72% of respondents indicating that they believe cloud vendors fail to obey data protection laws, 84% of those surveyed also did not trust that their cloud providers would inform them immediately if business confidential information had been breached.
However, it was found that despite this lack of trust, the majority of IT professionals consider cloud services to be equally or more secure than on-premises IT.
“This study proves that some companies are struggling with shadow IT and need much more visibility into what data and apps are being accessed in the cloud and guidance on how they should analyse vendors,” said Sanjay Beri, Netskope chief executive officer and co-founder.
“We all know that cloud can offer productivity gains, but these shouldn’t come at the expense of security. Our respondents agreed that cloud has the potential to be more secure than on-premises IT, but this is only true if they have policy enforcement capabilities coupled with deep contextual visibility into cloud transactions — especially those involving sensitive data,” Beri continued.
The results can be compared with an earlier Netskope and Ponemon Institute study, which investigated the cloud multiplier effect in the US. In Europe it was found that organisations held more confidence in their ability to secure the cloud than their US counterparts. 51% of US respondents said that their company’s effectiveness in securing data and applications was “low”, as opposed to 25% of European respondents.
Furthermore, 52% of European IT professionals agreed that their business was “highly” effective at securing the cloud, whereas only 26% of US professionals felt the same way about their organisation.
“Data protection laws and regulations are certainly getting a hard look these days, and this is especially true in Europe,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.
“I suspect that the low vote of confidence in cloud vendors we’re seeing is due to this heightened scrutiny and a ‘fear of the unknown.’ Overcoming this takes a better understanding of a vendor’s security precautions and how people are using the cloud in the first place. Businesses that demand more vendor transparency and seek efficient methods for evaluating apps and directing usage will find it easier to embrace the cloud and move past this period of uncertainty,” Ponemon added.
Read the full report here.