Despite Cost, Organizations Prefer to Store Data in the Cloud
According to a new survey from B2B research firm Clutch, businesses prefer to store data in the cloud instead of using on-premises legacy systems. That preference, however, is costing them a lot as they pay for added security features.
More than half of respondents say they spend at least $100,000 per year on cloud security, with 22 percent of organizations spending at least $500,000 and 8 percent spending $1 million or more. Meanwhile, 65 percent of respondents follow security guidelines from the Cloud Security Alliance. Encryption polled as the most popular added security feature.
The Clutch report attributes the added costs to gaps between what cloud services providers offer and what they consider to be the customer’s responsibility. Features like identity and access management, end-point protection and application security fall outside the purview of many large infrastructure-as-a-service providers.
Considering the cost of security incidents and data breaches, organizations have no choice but to invest in added security. According to research from IBM and the Ponemon Institute, the cost of a data breach averages $141 per stolen record and $3.62 million per incident. Although the dollar-per-dollar cost of data breaches has dropped thanks to strong performance from the U.S. dollar, the average number of records stolen has increased 1.8 percent to 24,000 records per incident.
Security Responsibility in the Cloud
Organizations tend to prefer cloud data storage to on-premises storage because they assume the cloud services provider handles security. In a recent blog post, Barracuda Networks noted a disconnect between what cloud services providers actually protect and what organizations think they protect.
According to Barracuda, 64 percent of IT leaders assume cloud providers are securing customer data. They also assume providers are securing applications and operating systems — but major providers’ service-level agreements say differently. Organizations face their biggest cloud security risks and expenditures within these cracks.
Most IT leaders understand that in highly regulated industries like health care, failure to cover all security bases can lead to significant fines and penalties. According to a white paper by Protenus, health care data breaches cost $6.2 billion annually. However, some leaders fail to recognize that even though they may not operate within the health care industry, they still have a responsibility to protect employees’ personal health information under major regulations. This responsibility is particularly critical for organizations that perform business services for health care organizations.
To identify these risks, companies can work with a security vendor to review cloud provider SLAs. An outside analyst can identify what cloud providers cover and what they don’t and diagnose how well organizations are minding those gaps. Then, organizations can add the required security features.
Cloud Data Storage Advantages
Despite the added costs of certain cloud security services, many organizations are still better off storing data in the cloud and not in their own systems. Cloud service providers take care of securing their own resources, which takes a big responsibility off their customers’ shoulders — particularly as most organizations can’t match a hyperscale cloud provider’s security expertise.
Once companies are clear on what cloud providers take care of and what they don’t, they can make smart and financially predictable security investments. It’s always better to invest in security on the front end instead of risking the cost of a data breach.