Study: Use of cloud multiplies data breach risk

The risk of having a $20 million or greater data breach can triple when an organization uses cloud services, according to a report from the Ponemon Institute, which was funded by Netskope, a cloud security broker.

The proliferation of mobile and other devices with access to the cloud, and growing dependency on cloud services without adequate security protections all contribute to the heightened risk. This could have implications for the healthcare industry as the threat of HIPAA violations and cost of unauthorized personal health data access looms large.

The study’s conclusions are based on the survey of 613 IT and security practitioners located in the U.S. Of these, 51 percent said on-premise IT is equally or less secure than cloud-based services. However, 66 percent of respondents said use of cloud resources diminishes an organization’s ability to protect sensitive health information and 64 percent reported that it makes it difficult to secure business-critical applications.

The following are key conclusions presented in the report:

• Cloud security is an oxymoron for many companies, as 62 percent of respondents do not agree or are unsure whether cloud services are thoroughly vetted before deployment

• Certain activities increase the cost of a breach when customer data is lost or stolen. For example, an increase in the backup or storage of sensitive or confidential customer information can cause the most costly breaches and organizations are at greater risk when primary cloud service providers expand operations too quickly.

• Certain activities increase the cost of a breach when high value IP and business confidential information is lost or stolen. Bring Your Own Cloud (BYOC) results in the most costly data breaches involving high value IP. The second most costly is the backup and storage of sensitive or confidential information in the cloud.

Access the report here.