A security accident connected with the cloud generates financial damages for 1.2 million dollars to the great companies.
According to a recent study conducted by Kaspersky Lab, almost 80% of companies globally use at least one platform based on a SaaS (Software-as-a-Service) model, which allows one or more programs to be used in the cloud without having to do maintenance of the software.
In the foreseeable future, around 75% of companies are expected to move more and more applications to the cloud. However, the growing number of adoption of cloud services by companies operating all over the world often comes up against a lack of attention to the levels of cyber security offered by adopted solutions.
STRONG GAP BETWEEN COMPANIES REGARDING DATA SECURITY IN CLOUD
Another study conducted by the Gemalto and Ponemon Institute, confirms the existence of strong differences regarding the attention to the protection of data in the cloud by companies located in different areas of the world and operating in different markets.
The answers provided by over 3,200 professionals in the field of Information Technologies (IT) and the security measures applied to them show that:
- on average, only 40% of data stored on cloud systems are protected with cryptographic and key management solutions;
- 77% of the surveyed organizations acknowledge the importance of implementing cryptographic solutions and systems to protect managed data, and over 90% believe that it will be even more important to use them over the next two years;
- 57% of the respondents believe that using the cloud can increase the likelihood of breaches of privacy and data protection;
- 88% believe that the General Data Protection Regulation (in force from 24 May 2017 and applicable in all EU Member States from 25 May 2018) will require changes in the governance of cloud systems;
- significant changes for 37% of respondents.
Therefore, in the face of the widespread use of cloud systems, the study reveals several gaps in awareness within companies about the services used.
CLOUD STORAGE AND CLOUD COMPUTING: OPPORTUNITY VS RISKS
Cloud storage and Cloud Computing systems are an important asset for companies, but the need to innovate and keep up with new technologies has often led to neglect aspects related to cyber security.
The cloud offers the possibility to easily exploit the most used technologies to support daily operations without concerns about their maintenance or high costs. In Kaspersky Lab’s study, almost half of the large companies (49%) and SMEs (45%) intend to delegate the management of IT infrastructure and processes to third parties.
“The rapid evolution of digital transformation is bringing greater efficiency and flexibility to business operations but also introduces new security challenges that endanger companies,” said Morten Lehn, Managing Director of Kaspersky Lab Italia.
Globally, a cloud-based security incident creates an average financial loss of $ 1.2 million for a large Company while about $ 100,000 for an SME. 42% of companies do not believe they are adequately protected from incidents that could affect their cloud service provider and 24% have undergone at least one security incident in the last year that affected the third-party IT infrastructure. Despite this, 70% of companies that rely on Saas platforms and cloud services do not have a plan to handle any security incidents related to those services.
WHICH FEATURES MUST A CLOUD-BASED SOLUTION HAVE
The growing dispersion of companies makes the cloud an indispensable resource, but at the same time it increases the areas exposed to cyber-attacks aimed at data theft. Sensitive customer information, basic employee information, e-mail and internal communications are the most affected data types.
To reduce risks, it is advisable to focus on cloud solutions that enable to:
- constantly monitor the data managed and identify anomalies at the infrastructural level (integrity checks),
- protect sensitive data with cryptographic systems based on high security standards,
- have clear and transparent contractual conditions and ensure compliance with privacy rules established by the GDPR
- have guarantees, through official certifications, on the quality of the processes and security measures adopted by the provider.