Do Cloud Computing Services Make Data Loss More Costly?
It has been repeatedly claimed that a migration to cloud computing services will bring with it productivity and collaborative gains at the expense of data security, since the data is being managed by a third party. However, the cost of that increased security risk has never been quantified until now, in a new report from Netskope and the Ponemon Institute. Midsize businesses should take note of the report's findings, but they should also approach these numbers with the requisite grain of salt.
Hidden Dangers With Cloud Computing Services
The data comes from a survey of over 600 cloud-aware IT professionals who attempted to quantify the "cloud multiplier effect," the cloud's added risk of a costly data breach. As detailed in a recent eWEEK article, the report found that in certain situations — for example, when there is a 50 percent increase in the use of cloud-based storage of sensitive information — the expected cost of a data breach can increase by more than 200 percent.
Part of the reason why the expected cost of data breaches is so high is due to how businesses currently interact with the cloud. The survey found that almost 70 percent of businesses fail to classify the data by importance before making the decision to move to the cloud. Furthermore, the survey found that almost half of all applications have migrated, in one way or another, to the cloud, yet fully half of those applications are not managed or even visible to the IT department.
Breaking Down the Numbers
While this report does have some eye-opening numbers, it is important to consider these findings within the context of the manner in which the survey was conducted. The survey uses IT professionals' predictions about the cloud being less secure — since 51 percent of respondents claim that the likelihood of a data breach increases in the cloud — to add an expected cost to data loss when using cloud computing services over an average baseline cost that the Ponemon Institute had previously calculated.
That is to say that the added cost is not a hard value associated with how the cloud works, but rather a quantifiable increase in vulnerability based on how the average business currently uses the cloud. Of note is that 49 percent of respondents believe that the use of cloud services had either no impact, decreased or significantly decreased the likelihood of a data breach; should these opinions ever become a significant majority, the values quoted in the report would come way down.
Staying Ahead of the Problem
Midsize businesses currently sit in the sweet spot for cloud adoption since they tend to be large enough to need the added flexibility and collaboration that the cloud can bring, yet are still small enough to adopt a cloud solution company-wide. IT managers at these businesses should not take these numbers as a sign that the cloud is inherently insecure; these numbers should, however, be a sign that blindly adopting cloud computing solutions just to be in the cloud is extremely dangerous to the company's bottom line.
As with all new programs, due diligence must be conducted when adopting a cloud computing solution. When a midsize business finds the right cloud partner, they can actually see their overall security level increase, putting them in a competitive position without putting the company's valuable data at risk.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.