Businesses lack trust in cloud providers' approach to data protection and security, survey reveals

Out-Law News | 18 Sep 2014 | 3:17 pm | 1 min. read

European businesses lack trust in cloud providers' data protection and security procedures and practices, according to a study by the Ponemon Institute.

A new report, 'Data Breach: The Cloud Multiplier Effect in European Countries' (30-page / 1.59MB PDF), published by the research body and commissioned by cloud security business Netskope, said that most IT and IT security professionals at European businesses do not believe their cloud provider would inform them immediately of data breaches involving the loss of theft of their intellectual property (IP) (85%) or customer data (77%).

Nearly three quarters of those surveyed (72%) also said they are either unsure, disagree or strongly disagree with the statement that their cloud service providers are in full compliance with privacy and data protection regulations and laws, according to the report.

The study revealed that, on average, just 23% of European companies' business-critical applications are cloud-based. According to the survey, a fifth of all business information is stored in the cloud, on average. However, the report highlighted a belief within the IT and IT security professional that nearly a quarter of cloud-stored data (23%) "is not visible to IT". The respondents estimate that 17% of sensitive or confidential data stored in the cloud may not be visible to IT either.

Most IT and IT security professionals (53%) believe the use of cloud services either increases or significantly increases organisations' chances of falling victim to a data breach. The Ponemon Institute said that the cost of data breaches to organisations that store information in the cloud is expected to be greater, on average, than the cost of data breaches in a non-cloud environment.

"An increase in the backup and storage of sensitive and/or confidential customer information in the cloud can cause the most costly breaches," the report said. "Less costly activities occur when the organisation’s use of IaaS or cloud infrastructure increases… The increase in the use of cloud services (SaaS) and the increase in the backup and storage of sensitive and/or confidential information results in the most costly data breaches involving high value IP."