The other problem is that a lot of firms are delegating their cloud services management to employees, not IT, which adds a layer of complexity that's harder to control. You can't control security in the cloud and you are allowing any employee to access the cloud. "A lot of material data breaches are from insecure third parties. You may be a perfectly secure company, but then you team with a small development company in India, and a lot of them are insecure," he said.
One thing not raised by the pros surveyed: a negative experience. Ponemon admitted that none of those surveyed actually cited a direct experience with a data breach or data loss; it was all based on hearsay and negative opinion formed in a vacuum.
Ponemon's report is called "The Multiplier Effect" because when there is a data breach in the cloud, the costs multiply over a regular breach in a company's own network. In every case, there is a net increase in cost and a net increase in the probability of occurrence because of certain events in the cloud. That's because a forensic examination into how the data was lost takes more work when third parties are involved.
He notes that cloud storage industry providers are very honest and will tell you they are not responsible for data losses. They don’t indemnify if there is a data breach on their watch. But most of the cloud providers are really trying to tighten up their practices. They realize if they are not secure they will get into big trouble with customers and ultimately regulators.
That's true globally, he added. Many firms are now using cloud storage providers in their own country. Germany in particular is pulling out of U.S.-based providers after the NSA spying allegations.
And, Ponemon notes, the most common cause of breaches is still a negligent person, "a good person who does stupid things," as he put it.
Ponemon recommends that the business units using cloud storage get IT involved in the decision making and deployment process. That is their expertise, after all. And he said to check with a cloud storage provider for their certifications to show their data center is up to a high standard. Ponemon said he looks for three certifications: SOC 2, ISO 27001, and NIST.