Light Dark
August 18, 2016 By Diana Kelley 3 min read
Cloud Security
Data Protection

Are cloud security tools worth the investment? Determining if any security tool is worth the cost can be tough because proving return on security investments isn’t easy. While time-saving efficiencies, such as single sign-on tools, are relatively simple to quantify, it is far more challenging to calculate the amount of money saved by a preventative measure.

There’s also the perception factor. Specifically, we notice what impacts us directly, and the avoidance of a breach doesn’t feel like a tangible impact even though it is a very positive one.

So are those cloud security tools worth it? Of course, it depends on a number of factors, including the type of tools, how they’re configured and how they’re implemented. But looking at data from the Ponemon Institute’s “2016 Cost of Data Breach Study” might give us some general insights.

Some Tools Pay for Themselves

The annual report quantifies the economic impacts of data breaches and observes cost trends over time. Understanding the real costs of these breaches and learning which tools and processes helped companies keep recovery costs down can provide hard-dollar inputs to professionals planning and optimizing their security programs.

This year’s report showed that certain tools, such as encryption and data loss prevention (DLP), could bring significant cost savings: $13 and $8 per record, respectively. Consider an example company that has deployed encryption extensively, then suffered a midsize breach of 50,000 lost records. Using study data, the use of encryption saves an average of $650,000. If the total cost of the encryption tools was under $650,000, they paid for themselves; if it was significantly under $650,000, they may have saved the company a large chunk of change.

Identifying the Right Cloud Security Tools

The report also identified areas that negatively impacted the recovery costs post-breach. The two most expensive factors were third-party involvement, which increased the cost by $14 per record, and extensive cloud migration, which increased the cost by $12 per record.

Let’s go back to the company that lost 50,000 records but decreased its recovery cost by $650,000 because it had deployed encryption. If that same company had extensively migrated to cloud, using the numbers from the study data, we can calculate that they’d have increased the recovery cost by $600,000 for that breach.

Is $12 the Whole Story?

Twelve dollars is not the whole story. Although it’d be neat and pretty to draw a straight line between survey data and real-world savings, the reality isn’t quite as simple. The Ponemon number is an excellent data point to consider, but it’s an aggregate based on all the survey respondents. Each company would need to answer another set of survey questions to hone in on the specifics of the breach as it relates to recovery cost and cloud adoption, such as:

  • Was the cloud itself the cause for the increased cost?
  • Was data breached from the cloud or from an on-premises source?
  • Was it a public, private or hybrid cloud?
  • Was the company using SaaS, IaaS or PaaS?

The inability to make a perfect, laser-focused prediction, however, doesn’t mean the $12 number isn’t valuable to consider; it absolutely is. It highlights that cloud adoption impacted data breach costs — there was a cost, and it was a fairly significant one on a per-record basis.

Apply Best Practices to the Cloud

So how can we extend data protection to our cloud deployments and, hopefully, drive down the cost of a data breach? Going back to the report, a few notable tools and practices brought down the cost of breach recovery, such as use of encryption, DLP and data classification.

These aren’t surprises: All of those are common elements of a strong data protection program. But failure to extend data best practices to the cloud may be leading to the cloud tax on data breach costs. If you’re not meeting or exceeding all of your data protection levels in your cloud environment, you’re putting the data at unnecessary risk.

Is Cloud Security Worth It?

Do data protection and controls for on-premises data extend explicitly to the cloud? Have you undertaken self-examination and analysis to determine if that is the case? Are you encrypting the cloud data at rest? Are you managing access to cloud data?

If your answers aren’t coming up yes, price out the cost of a solution such as encryption or a cloud access enforcement tool. If you can implement those solutions for less than $12 a record, there’s a good chance they’ll be paying your organization back not just in a better data protection posture and compliance readiness, but also in the unfortunate event of a breach. That, for most organizations, makes cloud security tools that protect data worthwhile indeed.

Read the complete 2016 Ponemon Institute Global Cost of a Data Breach Study

 |  |  |  | 
Diana Kelley
Executive Security Advisor, IBM Security

More from Cloud Security
November 1, 2023

What is data security posture management?

3 min read - Do you know where all your organization’s data resides across your hybrid cloud environment? Is it appropriately protected? How sure are you? 30%? 50%? It may not be enough. The Cost of a Data Breach Report 2023 revealed that 82% of breaches involved data in the cloud, and 39% of breached data was stored across multiple types of environments. If you have any doubt, your enterprise should consider acquiring a data security posture management (DSPM) solution. With the global average…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 3, 2023

The importance of Infrastructure as Code (IaC) when Securing cloud environments

4 min read - According to the 2023 Thales Data Threat Report, 55% of organizations experiencing a data breach have reported “human error” as the primary cause. This is further compounded by organizations now facing attacks from increasingly sophisticated cyber criminals with a wide range of automated tools. As organizations move more of their operations to the cloud, they must also become increasingly aware of the security risks and threats that come with it. It’s not enough anymore to simply have a set of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature