We’ve been talking lately about the multiplier effect of cloud in relation to data breaches. The cloud introduces new dynamics in enterprise IT, including massive cloud app growth, much of it outside of the purview of IT; mobile and BYOD access to cloud apps; and cloud-specific capabilities like sharing, which make it easy for content to get out of an enterprise’s control. Each of these dynamics could be considered a multiplier, or something that increases the probability of a data breach. To take the pulse of the market and quantify this idea, we asked the Ponemon Institute, a foremost expert in data breach research, to conduct a study on the topic. Today we released the results of that study, a first-of-its-kind report called “Data Breach: The Cloud Multiplier Effect.”
Check out the full report or this handy infographic, which points to some of the key learnings from the study.
The study, which is based on a survey of 613 IT and security professionals, finds that increasing use of cloud services can increase the probability of a $20 million data breach by as much as 3x. It also revealed other key findings, including:
- 36 percent of business-critical applications are housed in the cloud, yet IT isn’t aware of nearly half of them;
- 30 percent of business information is stored in the cloud, yet 35 percent of it isn’t visible to IT; and
- For every 1% increase in the use of cloud services, there is a 3% increase in the probability of a data breach.
Is the end nigh? No. There’s a way to re-write this story. As we get smarter in our use of the cloud, we are also getting smarter about what the risks are and how to deal with them. Here are a few ideas:
First, figure out what cloud apps are in your environment and how enterprise-ready they are. This is a big step toward mitigating risk of a data breach because you know what you’re dealing with and can triage the most important apps first. These important apps may include: 1. Systems of record or at least business-critical apps. This could be your salesforce automation, renewal and billing, or salary and performance