6/5/2014
08:05 AM
Dark Reading
Products and Releases

1st-of-Its-Kind Study Quantifies Cost of a Cloud Data Breach

IT Estimates Increased Use of Cloud Services Can Triple the Probability of a $20M Data Breach.

LOS ALTOS, Calif. – June 4, 2014 – Netskope today released the first study to estimate the financial cost of a cloud data breach. The study, entitled “Data Breach: The Cloud Multiplier Effect,” was conducted by Ponemon Institute and surveyed 613 IT and security professionals. The results prove that IT and security professionals expect cloud services to multiply the likelihood and economic impact of data breaches as they pervade the enterprise. They also reveal that the scope of usage and responsibility for securing cloud services remains largely unknown among IT.

The report draws upon Ponemon Institute’s May 2014 Cost of a Data Breach study that established a cost of $201.18 per lost or stolen customer record. For a data breach involving 100,000 or more customer records the cost would come to just over $20 million. Survey respondents were asked to estimate the current probability of a data breach of that magnitude and then how increasing the use of cloud services would change that probability. The report states that this multiplies the probability of a data breach by as much as 3x.

“With a $201 price tag for every record lost, the cost of a data breach of just 100,000 records is $20 million. Imagine then if the probability of that data breach were to triple simply because you increased your use of the cloud. That’s what enterprise IT folks are coming to grips with and they’ve started to recognize the need to align their security programs to account for it,” said Sanjay Beri, CEO and founder of Netskope. “The report shows that while there are many enterprise-ready apps available today, the uncertainty from risky apps is stealing the show for IT and security professionals. Rewriting this story requires contextual knowledge about how these apps are being used and an effective way of mitigating risk.”

“We’ve been tracking the cost of a data breach for years but have never had the opportunity to look at the potential risks and economic impact that might come from cloud in particular,” said Dr. Larry Ponemon, Chairman and Founder of Ponemon Institute. “It’s fascinating that the perceived risk and economic impact is so high when it comes to cloud app usage. We’ll be interested to see how these perceptions change over time as the challenge becomes more openly discussed and cloud access security broker solutions like Netskope become more known to enterprises.”

Lack of confidence in the cloud increases expectations of a data breach

Across the board, respondents believe that their high-value IP and customer data are less secure when the use of cloud services increases. Respondents said they believe there is a lack of due diligence in the implementation and monitoring of security programs within companies and have uncertainty about cloud service provider security practices, while recognizing that there are unknown cloud services in a network. This all leads to the general perception that the probability of a data breach is increasing in today’s IT environment.

· Respondents estimate that every 1 percent increase in the use of cloud services will result in a 3 percent higher probability of a data breach. This means that an organization using 100 cloud services would only need to add 25 more to increase the likelihood of a data breach by 75 percent.

· More than two-thirds (69 percent) of respondents believe that their organization is not proactive in assessing information that is too sensitive to be stored in the cloud.

· 62 percent of respondents believe the cloud services in use by their organization are not thoroughly vetted for security before deployment.

· Almost three-quarters (72 percent) of respondents believe their cloud service provider would not notify them immediately if they had a data breach involving the loss or theft of their intellectual property or business confidential information, and 71 percent believe they would not receive immediate notification following a breach involving the loss or theft of customer data.

· Respondents believe 45 percent of all software applications used by organizations are in the cloud, but exactly half (22.5 percent) of these applications are not visible to IT.

· Respondents estimate that 36 percent of business critical apps are based in the cloud, yet IT lacks visibility into nearly half of them.

Methodology

Ponemon Institute surveyed 613 IT and security practitioners in the U.S. who are familiar with their company’s usage of cloud services. The web-based survey was fielded in March of 2014. For the full report, visit Netskope’s website: http://www.netskope.com/reports-infographics/ponemon-2014-data-breach-cloud-multiplier-effect/

About Ponemon Institute
Ponemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world. Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards. www.ponemon.org.

About Netskope

Netskope™ is the leader in cloud app analytics and policy enforcement. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps. The Netskope Active Platform performs deep analytics and lets decision-makers create policies in a few clicks that prevent the loss of sensitive data and optimize cloud app usage in real-time and at scale, whether IT manages the app or not. With Netskope, people get their favorite cloud apps and the business can move fast, with confidence.

Netskope is headquartered in Los Altos, California. Visit us at www.netskope.com and follow us on Twitter @Netskope.

- See more at: http://www.netskope.com/press-releases/netskope-and-ponemon-institute-report-it-estimates-increased-use-of-cloud-services-can-triple-the-probability-of-data-breach/#sthash.hV4c3DkM.dpuf

 
