Can Cloud Vendors Be Trusted to Obey Data Protection Laws?

By   ISBuzz Team
Writer , Information Security Buzz | Sep 17, 2014 05:05 pm PST

There is widespread mistrust of cloud providers across Europe, with seven in 10 businesses accusing them of failing to comply with laws and regulations on data protection and privacy.

The finding was revealed in a new study entitled “Data Breach: The Cloud Multiplier Effect in European Countries.”[1] The study was commissioned by Netskope, the leader in safe cloud enablement, which launched in September in Europe with a footprint across the continent and headed up by Eduard Meelhuysen, VP of Netskope EMEA. The aim of the study was to gauge how IT perceives cloud security and if they believed use of the cloud would increase the probability of a data breach.

In the study, 53% of respondents said that the likelihood of a data breach increases due to use of the cloud. Additionally, the Ponemon Institute study also found that data breaches increase the expected economic impact by as much as three times when they involve the cloud. This phenomenon is known as the “cloud multiplier effect”; it applies in varying degrees to different scenarios, such as increased data sharing from cloud-based apps or increased use of mobile devices to connect to the cloud.

Cloud worsens the economic impact of data breaches

Using a previously established cost of €136 per compromised record, the loss or theft of 100,000 customer records would cost an organisation €13.6M. But when survey respondents were asked about the potential repercussions from increased usage of cloud services, their lack of trust pushes them to triple the probability of a data breach.

Free Download: Is An Outright Ban On Workplace Social Networking A Good Idea?

Assuming an increase in cloud storage, the estimated probability of a data breach involving the loss or theft of high value information or intellectual property goes up by 126%. In addition, respondents perceived that simply increasing the use of any cloud services causes the impact of a data breach of the same type to go up by 159%. Finally, IT professionals concluded that rapid vendor growth and volatility of a cloud provider could increase the probability of a data breach involving the loss of 100,000 customer records or more by 108%.

The research found widespread mistrust of cloud providers:
·         In addition to the 72% of respondents indicating they believe that cloud providers fail to comply with data protection laws and regulations, 84% of respondents also doubted that their cloud service providers would notify them immediately if their intellectual property or business confidential information had been breached
·         77% of those questioned claimed that their cloud providers would not notify their organisation immediately if they had a data breach involving the loss or theft of customer data.

64% of IT pros think that their organisation’s use of cloud services reduces its ability to protect confidential information, and 59% believe it makes it difficult to secure business-critical applications. In contrast, the majority of respondents still considered the cloud to be equally secure or more secure than on-premises IT, which perhaps indicates more about their lack of confidence in their on-premises security tools than it does about their confidence in the security capabilities of cloud providers.

“This study proves that some companies are struggling with shadow IT and need much more visibility into what data and apps are being accessed in the cloud and guidance on how they should analyse vendors,” said Sanjay Beri, chief executive officer and co-founder of Netskope. “We all know that the cloud can offer productivity gains, but these shouldn’t come at the expense of security. Our respondents agreed that the cloud has the potential to be more secure than on-premises IT, but this is only true if they have policy enforcement capabilities coupled with deep contextual visibility into cloud transactions — especially those involving sensitive data.”

Europe and the US: How We Compare

Comparing the results of this study with a previous Netskope and Ponemon Institute study, which investigated the cloud multiplier effect in the US, European organisations are more confident in their ability to secure the cloud. 51% of US respondents claimed that their organisation’s effectiveness in securing data and applications was “low”–double the percentage of European respondents who felt the same (25%).

Likewise, 52% of European IT professionals rated their organisation’s effectiveness as “high,” but only 26% of US respondents agreed that their organisation was highly effective at securing data and apps in the cloud.
[wp_ad_camp_4]
“Data protection laws and regulations are certainly getting a hard look these days, and this is especially true in Europe,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “I suspect that the low vote of confidence in cloud vendors we’re seeing is due to this heightened scrutiny and a ‘fear of the unknown.’ Overcoming this takes a better understanding of a vendor’s security precautions and how people are using the cloud in the first place. Businesses that demand more vendor transparency and seek efficient methods for evaluating apps and directing usage will find it easier to embrace the cloud and move past this period of uncertainty.”

Netskope Launches in EMEA

Netskope was founded in 2012 in Los Altos, California, USA and has more than 130 employees based in the Silicon Valley, Toronto, Bangalore, London, Paris, Munich and the Benelux region. Backed by more than $55M in funding from Accel Partners, Lightspeed Venture Partners and The Social+Capital Partnership, Netskope has customers in every major industry, including consumer packaged goods, financial services, healthcare, high tech, hospitality, and retail.  The company’s award-winning software product, the Netskope Active Platform™ provides enterprise IT with the following innovations and industry-firsts:

About the Netskope Active Platform:

·         Discovery: Netskope uncovers all cloud apps running in an organisation and provides a rich and dynamic risk rating of those apps that incorporates a measure of each app’s enterprise-readiness. Netskope’s Cloud Confidence Index™ rates the enterprise-readiness of each app based on a set of 50+ criteria ranging from business continuity to encryption of data-at-rest.
·         Risk Dashboard: Netskope enables organisations to mitigate risk by providing the factors that contribute to that risk and controls they need to reduce or eliminate the risk.
·         Visibility: Netskope is the only platform that provides deep context about the usage of any cloud app. Pivoting on data, activities, user identity, location, or the app itself, this contextual awareness provides the basis for the product’s policy enforcement capabilities. This security intelligence can be limited to certain individuals or masked to align with European privacy policies.
·         Active Policies: Netskope goes beyond simple “allow” or “block” policies by using the visibility within the platform to set more meaningful policies for any app. This provides IT with the ability to set policies, such as allowing sharing of content only within the country or region in which the content was created.
·         Active Cloud DLP: Netskope provides context- and activity-aware content classification and policy enforcement. It addresses this problem with the industry’s first and only solution that can enforce granular DLP policies across any cloud app.
·         Active Encryption: Netskope’s context- and activity-aware encryption comes with the choice of performing key management in the cloud or on-premises.
·         Flexible Deployment Options: Netskope is the first and only cloud access security broker to offer comprehensive coverage for cloud app usage whether it’s accessed from the campus or remotely, or via mobile or a native app.

Get your free copy of the study

To download a free copy of the full study, entitled “Data Breach: The Cloud Multiplier Effect in European Countries,” please visit the Netskope website: http://www.netskope.com/reports/europe-ponemon-2014-data-breach-cloud-multiplier-effect.

Methodology

The Ponemon Institute questioned 1,059 IT and IT security practitioners across Europe. For an explanation of the methodology, please see the study: http://www.netskope.com/reports/europe-ponemon-2014-data-breach-cloud-multiplier-effect.

Get the infographic based on the study

To see an infographic based on the study, please visit the Netskope website http://www.netskope.com/infographics/europe-data-breach-cloud-multiplier-effect-infographic.

Attend the Netskope webinar

Netskope is hosting a webinar entitled “Data Privacy, Security, and Sovereignty in a Cloudy World” with leading security expert and senior principal analyst Jon Oltsik of ESG. To sign up for the webinar, please visit the Netskope website: http://www.netskope.com/webinars/data-privacy-security-and-sovereignty-in-a-cloudy-world/.

About Ponemon Institute

ponemonPonemon Institute conducts independent research and education that advances information security, data protection, privacy and responsible information management practices within businesses and governments throughout the world.  Our mission is to conduct high quality, empirical studies on critical issues that affect the protection of information assets and IT infrastructure. As a member of the Council of American Survey Research Organizations (CASRO), we uphold strict data confidentiality, privacy and ethical research standards.

About Netskope

netskopeNetskope™ is the leader in safe cloud enablement. Only the Netskope Active PlatformTM provides discovery, deep visibility, and granular control of sanctioned and unsanctioned cloud apps. With Netskope, IT can direct usage, protect sensitive data, and ensure compliance in real-time, on any device, and with the broadest range of deployment options in the market. With Netskope, businesses can move fast, with confidence.

Netskope is headquartered in Los Altos, California. Visit us at www.netskope.com and follow us on Twitter @Netskope.

[1] Ponemon Institute surveyed 1,059 IT and IT security professionals across Europe. For the full methodology, please download a free copy of the report from the Netskope website: http://www.netskope.com/reports/europe-ponemon-2014-data-breach-cloud-multiplier-effect.

Subscribe
Notify of
guest
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

0
Would love your thoughts, please comment.x
()
x