Achieving Data Privacy in the Cloud

Size: px
Start display at page:

Download "Achieving Data Privacy in the Cloud"

Transcription

1 Achieving Data Privacy in the Cloud Study of Information Technology Privacy and Compliance of Small to Medium-Sized Organizations in germany Sponsored by microsoft Independently Conducted by Ponemon Institute LLC June 2012 Ponemon Institute Research Report

2 Achieving Data Privacy in the Cloud: Germany Contents Executive Summary 2 Key Findings 3 Perceptions about privacy, data protection, and the use of cloud resources 3 Cloud computing is considered an important part of IT operations 3 Organizational commitment to privacy and data protection in the cloud 3 Impact of sufficiency of privacy practices on selection of cloud providers 4 The state of cloud computing in organizations 5 Cloud computing is now an integral part of IT 5 Although cloud computing is increasing rapidly, it does not seem to affect organizational privacy commitments 6 Organizations rely on cloud provider contracts and self-assessments in the vetting process 7 Certain assurances from cloud vendors influence organizational decisions to purchase services 8 Understand the types of confidential information that are too risky to be used or stored in the cloud 9 Country differences in cloud privacy 10 Confidence about data privacy in the cloud 10 The impact of cloud service privacy practices on purchase decisions 11 Conclusion 12 Method 13 Survey Limitations 14 1

3 Executive Summary The goal of the study was to better understand what business decisionmakers in small and medium-sized organizations think about privacy as they adopt cloud computing. Specifically, we wanted to determine their concerns about cloud computing related to privacy and how cloud providers can ameliorate them. More than half (56 percent) of respondents say their organizations are moderate or heavy users of cloud computing resources and they expect their use of cloud resources to increase over the next two years, even though they are concerned about how they will manage data privacy in the cloud. The research also found that the privacy reputation and practices of cloud computing providers figure prominently into cloud computing purchasing decisions. Seventy-six percent of respondents stated that privacy influenced their choice of providers. Cloud provider privacy practices cited as particularly important are: Disclosure of physical location of data (61 percent of respondents) Strict processes to separate customer data (58 percent) Agreement not to mine customer data for advertising (50 percent) Provides European Union model clauses as contractual agreements (43 percent) With organizations increasingly moving to the cloud, it is becoming more important to ensure that privacy commitments and obligations are met. Fifty-six percent of respondents say they are confident that their organization is capable of achieving privacy when deploying cloud applications or services. The Ponemon Institute surveyed 1,771 individuals in positions within IT, compliance, data security, risk management, and privacy in the United States, Germany, and the Nordic countries (Denmark, Finland, Norway, and Sweden), and created three separate reports. This report focuses on Germany, where Ponemon surveyed 668 individuals who had, on average, approximately 10 years of business experience. More than half (52 percent) report to the Chief Information Officer, followed by 17 percent who report to the Compliance Officer and 16 percent who report to the Chief Information Security Officer. Topics addressed in this study > Perceptions about privacy, data protection, and the use of cloud resources > The state of cloud computing in small and medium-sized organizations > Country differences in attitudes about cloud computing and privacy In the following sections, we present an analysis of the most salient findings of this research, as well as recommendations to help organizations improve privacy in the cloud. The complete findings of this research are presented in the appendix to this report. 2

4 Perceptions about privacy, data protection, and the use of cloud resources Cloud computing is considered an important part of IT operations Fifty-six percent of organizations in this study make either heavy or moderate use of cloud computing. Only 17 percent say their use is light. The majority (52 percent) use public cloud services, though there is also some use of private cloud services (39 percent). Reliance on cloud computing is also expected to increase, as 84 percent of respondents expect cloud computing to be either important, very important, or essential to their organizations in two years, up from 66 percent who view cloud computing that way today. Organizational commitment to privacy and data protection in the cloud Seventy-three percent of respondents say their organizations are committed to protecting confidential or sensitive information. Thus, the majority of respondents say their organizations are taking the following positive actions, as shown in Figure 1. figure 1 ACTIONS THAT ARE PRACTICED TO PROTECT DATA AND PRIVACY IN THE CLOUD Extremely careful about sharing confidential or sensitive personal information with third parties, including cloud providers respect the privacy rights of customers, employees, consumers, and other stakeholders proactive compliance management with privacy and data protection laws, regulations, and other requirements establish clearly defined accountability for safeguarding confidential or sensitive personal information assess the impact that the use of cloud computing has on their privacy commitments and obligations determine what personal data is too sensitive for the cloud environment vigilant in assessing the inherent risks when using or storing personal data in the cloud environment 65% 62% 58% 58% 55% 73% 69% 3

5 Perceptions about privacy, data protection, and the use of cloud resources Based on steps taken to advance privacy practices in their organizations, 56 percent of respondents are confident that their organizations are capable of meeting their privacy commitments when deploying cloud applications or services. Impact of sufficiency of privacy practices on selection of cloud providers As shown in Figure 2, 76 percent of respondents say their organizations do consider the level of commitment a cloud provider has for achieving privacy in the cloud when they are making purchasing decisions, including 45 percent who say privacy policies had a significant or very significant impact. figure 2 Impact of cloud provider s privacy policies and practices on SELECTION OF CLOUD PROVIDERS some to significant impact 58% 18% very significant impact 21% 3% unsure no impact Figure 3 shows the privacy features and policies of cloud providers regarded as very important or important when evaluating a cloud provider s commitment to privacy. Specifically, 61 percent of respondents believe disclosure of physical location of data is critical, 58 percent want strict processes to separate customer data from other customers, 50 percent of respondents want cloud providers not to mine customer data for advertising purposes, and 43 percent say providing European Union s model clauses as contractual agreements is important. figure 3 Important issues that determine the cloud providers commitment to privacy VERY IMPORTANT AND IMPORTANT RESPONSES COMBINED the cloud provider discloses the physical location of data storage the cloud provider has processes in place to ensure that customer data is separate from that of other customers the cloud provider agrees not to mine customer data the cloud provider provides european Union s model clauses as contractual agreements 61% 58% 50% 43% 4

6 The state of cloud computing in organizations Cloud computing is now an integral part of IT Figure 4 reveals that 66 percent of respondents say that cloud computing applications or services are essential or important to meeting their organization s IT and data processing objectives today. This percentage is expected to increase to 84 percent 24 months from now. figure 4 Importance of cloud computing in meeting Information technology and data processing objectives today 5% 7% 24 months from now 34% 23% 38% 43% 30% 13% 4% 3% essential very important important not important irrelevant As shown in Figure 5, the top three cloud computing applications used in German small-to-medium businesses (SMBs) today are infrastructure applications such as online backup, security, and archiving; business applications like CRM and webmail; and peer-to-peer applications such as instant messaging. figure 5 Cloud computing applications currently in use more than one choice permitted infrastructure applications business applications peer-to-peer social media applications 74% 56% 46% 38% we don t use cloud solution stacks services storage other applications or services 28% 17% 9% 36% 3% 5

7 The state of cloud computing in organizations The anticipated growth in cloud computing is shown in Figure 6. Based on an extrapolated average, cloud computing resources meet 23 percent of organizations total IT and data processing requirements, and this is expected to increase to 37 percent over the next 24 months. figure 6 percentage of information technology requirements met by cloud computing today 24 months from now 32% 21% 23% 9% 14% 19% 11% 6% 7% 9% 12% 5% 6% 11% 0% 7% 2% 1% 1% 5% none <10% 11% 20% 21% 30% 31% 40% 41% 50% 51% 60% 61% 70% 71% 80% >80% Although use of cloud computing is increasing rapidly, it does not seem to affect organizational privacy commitments figure 7 IMPACT OF CLOUD COMPUTING ON ORGANIZATIONAL responsibility to safeguard information Only 35 percent of respondents say the use of cloud resources increases their organization s responsibility to safeguard customer, employee, consumer, and other stakeholders personal information. Figure 7 also shows that 47 percent of respondents say it does not impact their organization s responsibility. It seems, therefore, that organizations are relying on the cloud provider to ensure the security of their sensitive data when deployed to the cloud. cloud computing does not affect our responsibility 47% 18% 35% cloud resources decrease our responsibility cloud resources increase our responsibility 6

8 The state of cloud computing in organizations Organizations rely on cloud provider contracts, third-party audit reports, and self-assessments in the vetting process Fifty-one percent of respondents say their organizations evaluate cloud applications for privacy and data protection considerations before engagement or deployment by their end users. As shown in Figure 8, the top three steps organizations take to vet cloud providers are contractual negotiation and legal review (64 percent), proof of compliance such as an audit report (52 percent), and self-assessment checklist or questionnaire completed by the provider (39 percent). As shown in Figure 10, to secure sensitive and confidential data, the majority of respondents say they rely on assurances from the cloud provider (70 percent) or reliance on contractual agreements with the cloud provider (59 percent). Only 40 percent say they use conventional data security tools such as encryption to protect information in the cloud. figure 8 Methods for vetting or evaluating cloud providers more than one choice permitted 64% 52% 39% contractual negotiation and legal review proof of compliance Further, 38 percent say they look at adherence to a certification standard and they consider SAS-70 (which is currently being replaced by the SSAE 16 standard) and PCI DSS as the certifications most important for evaluating cloud providers (51 percent and 48 percent, respectively). Forty-three percent say the ISO certification is most important (Figure 9). figure 9 Most important certifications used when evaluating cloud providers two choices permitted sas-70 pci dss iso other 2% 51% 48% 43% figure 10 Methods for securing confidential or sensitive personal information in the cloud more than one choice permitted we rely on assurances from the cloud provider 70% self-assessment checklist completed by provider we rely on contractual agreements with the cloud provider 59% we use conventional data security tools to protect information 40% we buy additional security services provided by the cloud provider 10% don t know 9% other 2% 7

9 The state of cloud computing in organizations Certain assurances from the cloud vendor influence organizational decisions to purchase services As discussed previously, 76 percent of respondents say that the privacy policies and practices of their cloud providers would impact their cloud purchasing decisions, so there are certain assurances that could make a difference. Figure 11 shows that 79 percent of respondents would be much less likely or less likely to purchase cloud services if the cloud vendor reported a material data breach involving the loss or theft of sensitive or confidential personal information. figure 11 The impact of a material data breach on the decision to use a cloud provider much less likely to buy cloud services 45% 34% less likely to buy cloud services 4% 17% unsure no effect on the decision to buy cloud services 8

10 The state of cloud computing in organizations Sixty percent of respondents say assurances from a bona fide and credible third party that the cloud vendor meets all privacy and data protection requirements, including regulations and laws in various countries, would make them much more or more likely to purchase cloud services (Figure 12). Forty-two percent say their decision to buy would improve if a third party provided assurance that the cloud provider meets privacy and protection requirements. figure 12 Conditions that affect the decision to use a cloud provider Third party provides assurance that the cloud provider meets privacy and protection requirements THE CLOUD PROVIDER AGREES to meet all privacy and data protection requirements 17%15% 43% 27% 35% 55% 5% 3% much more likely to buy cloud services more likely to buy cloud services no effect on the decision to buy cloud services unsure The following findings discuss what practices would help organizations achieve privacy in the cloud and what organizations are doing. Understand the types of confidential information that are too risky to be used or stored in the cloud As shown in Figure 13, the types of data that German SMBs are most concerned about putting in the cloud are health records (67 percent); intellectual property such as source code, design plans, and architectural renderings (63 percent); and employee records (56 percent). figure 13 Information too risky to be used in the cloud more than one choice permitted 67% 51% 29% 2% health records research data customer account information other 63% 39% 24% 29% intellectual property customer payments non-financial business information none of the above 56% 37% 9% employee records financial business information consumer data 9

11 Country differences in cloud privacy In this study, Ponemon Institute surveyed 1,771 individuals in IT, compliance, data security, risk management and privacy in the United States, Germany and the Nordic countries (Denmark, Finland, Norway, and Sweden). In this section, we present some of the most salient differences that emerged in this research. Confidence about data privacy in the cloud. figure 14 Confidence that privacy obligations are met when deploying cloud applications VERY CONFIDENT AND CONFIDENT RESPONSES COMBINED u.s. germany nordic countries 39% 56% 46% How does confidence in meeting privacy commitments when deploying cloud applications or services differ among countries in this study? As Figure 14 shows, German respondents are far more confident that their organizations can fulfill their privacy obligations when deploying cloud services than respondents in the United States. 10

12 The state of cloud computing in organizations The impact of cloud service privacy practices on purchase decisions Impressions about a cloud service provider s commitment to privacy has the most impact among respondents in Germany and the Nordic countries, according to Figure 15. figure 15 Impact of cloud provider s privacy policies and practices on SELECTION OF CLOUD PROVIDER u.s. germany nordics very significant impact unsure 12% 18% 21% significant impact some impact no impact 3% 3% 5% 18% 27% 28% 29% 31% 31% 38% 21% 14% As shown in Figure 16, SMBs in the U.S. and Germany want cloud providers to disclose the physical location of data storage, including the location of replicated or backed-up data files. In the Nordic countries, it is most important that the cloud provider has strict processes and procedures in place to ensure that customer data is separate from other customers. figure 16 Important issues that determine the cloud provider s commitment to privacy Very important and important responses combined u.s. germany nordic countries the cloud provider discloses the physical location of data storage 62% 61% 53% the cloud provider has processes in place to ensure that customer data is separate from that of other customers 54% 58% the cloud provider agrees not to mine customer data 44% 50% the cloud provider uses european union s model clauses as contractual agreements 24% 43% 56% 49% 35% 11

13 Conclusion Achieving privacy in the cloud is a challenge for all organizations. We recommend that organizations assess the specific, proactive steps they can take to protect sensitive information in the cloud, such as: Create policies and procedures that clearly state the importance of protecting sensitive information stored in the cloud. The policy should outline what kinds of information are considered sensitive and proprietary. Evaluate the security posture of third parties before sharing confidential or sensitive information. As part of the process, corporate IT or IT security experts should conduct a thorough review and audit of the vendor s security qualifications. Train employees to mitigate the security risks specific to cloud technology to make sure that sensitive and confidential information is not threatened. Establish an organizational structure that allows the CIO, CISO, or other security and privacy leaders to participate actively in the vetting, purchasing, and implementing processes to ensure that they are handled appropriately. If appropriate, establish a functional role dedicated to informationgovernance oversight to better protect the business. Define a policy that governs the protection of sensitive and confidential data and applications that organizations put in the cloud. Ponemon Institute also recommends that cloud computing providers offer greater transparency into their security infrastructure to help ensure customer confidence that information stored in the cloud is secure. 12

14 Method Table 1 reports the sample frame of 21,005 individuals in Germany who have bona fide credentials in the IT, compliance, data security, risk management, and privacy fields. In total, 699 respondents completed the survey. Of the returned instruments, 31 surveys failed reliability checks. A total of 668 surveys were used as the final sample, which represents a 3.2 percent response rate. table 1 GERMAN SAMPLE RESPONSE RESPONDENTS PERCENTAGE SAMPLING FRAME 21, % INVITATIONS SENT 20, % TOTAL RETURNS % TOTAL REJECTS % FINAL SAMPLE % Pie Chart 1 summarizes the approximate position levels of respondents in our study. The majority (61 percent) of respondents are at or above the supervisory level. The average experience in IT or IT security is 9.6 years. pie chart 1 Distribution of respondents according to position level staff or technician supervisor manager 39% 21% 19% 3% 4% 14% senior executive vice president director Pie Chart 2 reports the respondents primary industry segments. Fifteen percent of respondents are in the financial services, which includes banking, investment management, insurance, brokerage, payments, and credit cards. Another 14 percent are in public sector organizations, including central and local government, and 10 percent are in retail. pie chart 2 Distribution of respondents according to primary industry classification industrial services health and pharmaceutical technology and software retail public sector financial services 6% 7% 9% 9% 10% 14% 15% 5% 5% 5% 4% 3% 3% 6% consumer products education and research hospitality and leisure communications defense transportation other Pie Chart 3 shows that more than half of the respondents (58 percent) report to the Chief Information Officer or Chief Information Security Officer. pie chart 3 Distribution of respondents according to position level they report to chief information officer compliance officer chief information security officer 52% 17% 16% 6% 5% 2% 2% chief technology officer chief risk officer chief financial officer human resources leader 13

15 Survey Limitations There are inherent limitations to survey research that must be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias. The findings are based on a sample of survey returns. The researchers sent surveys to a representative sample of individuals, resulting in the return of a large number of usable responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different from those who completed the survey in terms of underlying beliefs. Sampling-frame bias. Research accuracy is based on contact information and the degree to which the list is representative of individuals who are knowledgeable about protecting data in the cloud environment. The researchers recognize that the results may be biased by external events such as media coverage. They also acknowledge that there may be bias because subjects were compensated for completing the surveys. Self-reported results. The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not respond truthfully. 14

16

Understanding Security Complexity in 21 st Century IT Environments:

Understanding Security Complexity in 21 st Century IT Environments: Understanding Security Complexity in 21 st Century IT Environments: A study of IT practitioners in the US, UK, France, Japan & Germany Sponsored by Check Point Software Technologies Independently conducted

More information

Reputation Impact of a Data Breach U.S. Study of Executives & Managers

Reputation Impact of a Data Breach U.S. Study of Executives & Managers Reputation Impact of a Data Breach U.S. Study of Executives & Managers Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon

More information

Challenges of Cloud Information

Challenges of Cloud Information The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: March 2013 Ponemon Institute Research Report

More information

Is Your Company Ready for a Big Data Breach?

Is Your Company Ready for a Big Data Breach? Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication

More information

Data Breach: The Cloud Multiplier Effect

Data Breach: The Cloud Multiplier Effect Data Breach: The Cloud Multiplier Effect Sponsored by Netskope Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Part 1. Introduction Data Breach:

More information

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution

Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report

More information

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Security of Paper Records & Document Shredding. Sponsored by Cintas. Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Security of Paper Records & Document Shredding Sponsored by Cintas Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction

More information

The Cost of Web Application Attacks

The Cost of Web Application Attacks The Cost of Web Application Attacks Sponsored by Akamai Technologies Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report Part 1. Introduction The

More information

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015

The State of Data Security Intelligence. Sponsored by Informatica. Independently conducted by Ponemon Institute LLC Publication Date: April 2015 The State of Data Security Intelligence Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report The State of Data Security

More information

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners

The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners The Security of Cloud Infrastructure Survey of U.S. IT and Compliance Practitioners Sponsored by Vormetric Independently conducted by Ponemon Institute LLC Publication Date: November 2011 Ponemon Institute

More information

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014

Achieving Security in Workplace File Sharing. Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Achieving Security in Workplace File Sharing Sponsored by Axway Independently conducted by Ponemon Institute LLC Publication Date: January 2014 Ponemon Institute Research Report Part 1. Introduction Achieving

More information

Cloud Security: Getting It Right

Cloud Security: Getting It Right Cloud Security: Getting It Right Sponsored by Armor Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute Research Report Cloud Security: Getting It Right Ponemon

More information

Data Security in Development & Testing

Data Security in Development & Testing Data Security in Development & Testing Sponsored by Micro Focus Independently conducted by Ponemon Institute LLC Publication Date: July 31, 2009 Ponemon Institute Research Report Data Security in Development

More information

Global Insights on Document Security

Global Insights on Document Security Global Insights on Document Security Sponsored by Adobe Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report Global Insights on Document Security

More information

Third Annual Study: Is Your Company Ready for a Big Data Breach?

Third Annual Study: Is Your Company Ready for a Big Data Breach? Third Annual Study: Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: October 2015 Ponemon Institute

More information

Security of Cloud Computing Users Study

Security of Cloud Computing Users Study Security of Cloud Computing Users Study Sponsored by CA Technologies Independently conducted by Ponemon Institute, LLC Publication Date: March 2013 Security of Cloud Computing Users Study March 2013 Part

More information

The SQL Injection Threat Study

The SQL Injection Threat Study The SQL Injection Threat Study Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: April 2014 1 The SQL Injection Threat Study Presented by Ponemon Institute, April

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

Encryption in the Cloud

Encryption in the Cloud Encryption in the Cloud Who is responsible for data protection in the cloud? Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute

More information

2012 Application Security Gap Study: A Survey of IT Security & Developers

2012 Application Security Gap Study: A Survey of IT Security & Developers 2012 Application Gap Study: A Survey of IT & s Research sponsored by Innovation Independently Conducted by Ponemon Institute LLC March 2012 1 2012 Application Gap Study: A Survey of IT & s March 2012 Part

More information

Security of Cloud Computing Providers Study

Security of Cloud Computing Providers Study Security of Cloud Computing Providers Study Sponsored by CA Technologies Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report I. Executive Summary

More information

The State of USB Drive Security

The State of USB Drive Security The State of USB Drive Security U.S. survey of IT and IT security practitioners Sponsored by Kingston Independently conducted by Ponemon Institute LLC Publication Date: July 2011 Ponemon Institute Research

More information

The State of Mobile Application Insecurity

The State of Mobile Application Insecurity The State of Mobile Application Insecurity Sponsored by IBM Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1. Introduction The State

More information

A Study of Retail Banks & DDoS Attacks

A Study of Retail Banks & DDoS Attacks A Study of Retail Banks & DDoS Attacks Sponsored by Corero Network Security Independently conducted by Ponemon Institute LLC Publication Date: December 2012 Ponemon Institute Research Report A Study of

More information

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: August 2013

More information

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security

Understaffed and at Risk: Today s IT Security Department. Sponsored by HP Enterprise Security Understaffed and at Risk: Today s IT Security Department Sponsored by HP Enterprise Security Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute Research

More information

The State of Data Centric Security

The State of Data Centric Security The State of Data Centric Security Sponsored by Informatica Independently conducted by Ponemon Institute LLC Publication Date: June 2014 Ponemon Institute Research Report State of Data Centric Security

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part 2: Roadblocks, Refresh and Raising the Human Security IQ Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication

More information

The Importance of Cyber Threat Intelligence to a Strong Security Posture

The Importance of Cyber Threat Intelligence to a Strong Security Posture The Importance of Cyber Threat Intelligence to a Strong Security Posture Sponsored by Webroot Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research Report

More information

The Challenge of Preventing Browser-Borne Malware

The Challenge of Preventing Browser-Borne Malware The Challenge of Preventing Browser-Borne Malware Sponsored by Spikes Security Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report Part 1.

More information

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin

Risk & Innovation in Cybersecurity Investments. Sponsored by Lockheed Martin Risk & Innovation in Cybersecurity Investments Sponsored by Lockheed Martin Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report Part 1. Introduction

More information

The SQL Injection Threat & Recent Retail Breaches

The SQL Injection Threat & Recent Retail Breaches The SQL Injection Threat & Recent Retail Breaches Sponsored by DB Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2014 1 Part 1. Introduction The SQL Injection Threat &

More information

Corporate Data: A Protected Asset or a Ticking Time Bomb?

Corporate Data: A Protected Asset or a Ticking Time Bomb? Corporate Data: A Protected Asset or a Ticking Time Bomb? Sponsored by Varonis Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report Corporate

More information

The Unintentional Insider Risk in United States and German Organizations

The Unintentional Insider Risk in United States and German Organizations The Unintentional Insider Risk in United States and German Organizations Sponsored by Raytheon Websense Independently conducted by Ponemon Institute LLC Publication Date: July 2015 2 Part 1. Introduction

More information

Compliance Cost Associated with the Storage of Unstructured Information

Compliance Cost Associated with the Storage of Unstructured Information Compliance Cost Associated with the Storage of Unstructured Information Sponsored by Novell Independently conducted by Ponemon Institute LLC Publication Date: May 2011 Ponemon Institute Research Report

More information

The Impact of Cybercrime on Business

The Impact of Cybercrime on Business The Impact of Cybercrime on Business Studies of IT practitioners in the United States, United Kingdom, Germany, Hong Kong and Brazil Sponsored by Check Point Software Technologies Independently conducted

More information

Aftermath of a Data Breach Study

Aftermath of a Data Breach Study Aftermath of a Data Breach Study Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report Aftermath

More information

Security of Cloud Computing Users A Study of Practitioners in the US & Europe

Security of Cloud Computing Users A Study of Practitioners in the US & Europe Security of Cloud Computing Users A Study of Practitioners in the US & Europe Sponsored by CA Independently conducted by Ponemon Institute LLC Publication Date: 12 May 2010 Ponemon Institute Research Report

More information

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan

The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan The TCO for Full Disk Encryption Studies in the US, UK, Germany & Japan Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: July 2012 Ponemon Institute Research Report

More information

Electronic Health Information at Risk: A Study of IT Practitioners

Electronic Health Information at Risk: A Study of IT Practitioners Electronic Health Information at Risk: A Study of IT Practitioners Sponsored by LogLogic Conducted by Ponemon Institute LLC October 15, 2009 Ponemon Institute Research Report Executive summary Electronic

More information

Data Security in the Evolving Payments Ecosystem

Data Security in the Evolving Payments Ecosystem Data Security in the Evolving Payments Ecosystem Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report

More information

The Security Impact of Mobile Device Use by Employees

The Security Impact of Mobile Device Use by Employees The Security Impact of Mobile Device Use by Employees Sponsored by Accellion Independently conducted by Ponemon Institute LLC Publication Date: December 2014 Ponemon Institute Research Report The Security

More information

2014: A Year of Mega Breaches

2014: A Year of Mega Breaches 2014: A Year of Mega Breaches Sponsored by Identity Finder Independently conducted by Ponemon Institute LLC Publication Date: January 2015 Ponemon Institute Research Report Part 1. Introduction 2014: A

More information

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T

The Cost of Insecure Mobile Devices in the Workplace Sponsored by AT&T The Cost of Insecure Mobile Devices in the Workplace! Sponsored by AT&T Independently conducted by Ponemon Institute LLC Publication Date: March 2014 Part 1. Introduction The Cost of Insecure Mobile Devices

More information

National Survey on Data Center Outages

National Survey on Data Center Outages National Survey on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Part 1. Executive Summary National Survey on Data Center Outages Ponemon Institute,

More information

The TCO of Software vs. Hardware-based Full Disk Encryption Summary

The TCO of Software vs. Hardware-based Full Disk Encryption Summary The TCO of vs. -based Full Disk Encryption Summary Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research Report

More information

Privileged User Abuse & The Insider Threat

Privileged User Abuse & The Insider Threat Privileged User Abuse & The Insider Threat Commissioned by Raytheon Company Independently conducted by Ponemon Institute LLC Publication Date: May 2014 1 Privileged User Abuse & The Insider Threat Ponemon

More information

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage

What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage What You Don t Know Will Hurt You: A Study of the Risk from Application Access and Usage Sponsored by ObserveIT Independently conducted by Ponemon Institute LLC June 2015 Ponemon Institute Research Report

More information

Defining the Gap: The Cybersecurity Governance Study

Defining the Gap: The Cybersecurity Governance Study Defining the Gap: The Cybersecurity Governance Study Sponsored by Fidelis Cybersecurity Independently conducted by Ponemon Institute LLC Publication Date: June 2015 Ponemon Institute Research Report Defining

More information

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Perceptions About Network Security Survey of IT & IT security practitioners in the U.S. Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: June 2011 Ponemon

More information

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA

Sponsored by Zimbra. The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA The Open Source Collaboration Study: Viewpoints on Security & Privacy in the US & EMEA Sponsored by Zimbra Independently conducted by Ponemon Institute LLC Publication Date: November 2014 Ponemon Institute

More information

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data

Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Data Loss Risks During Downsizing As Employees Exit, so does Corporate Data Independently conducted by Ponemon Institute LLC Publication Date: February 23, 2009 Sponsored by Symantec Corporation Ponemon

More information

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners

Global Survey on Social Media Risks Survey of IT & IT Security Practitioners 0 Global Survey on Social Media Risks Survey of IT & IT Security Practitioners Sponsored by Websense Independently conducted by Ponemon Institute LLC Publication Date: September 2011 1 Global Survey on

More information

Efficacy of Emerging Network Security Technologies

Efficacy of Emerging Network Security Technologies Efficacy of Emerging Network Security Technologies Sponsored by Juniper Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part

More information

Security Metrics to Manage Change: Which Matter, Which Can Be Measured?

Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Security Metrics to Manage Change: Which Matter, Which Can Be Measured? Sponsored by FireMon Independently conducted by Ponemon Institute LLC Publication Date: April 2014 2 Security Metrics to Manage Change:

More information

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA)

Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Perceptions about the Potential Expiration of The Terrorism Risk Insurance Act (TRIA) Sponsored by Property Casualty Insurers Association of America Independently conducted by Ponemon Institute LLC Publication

More information

The Importance of Senior Executive Involvement in Breach Response

The Importance of Senior Executive Involvement in Breach Response The Importance of Senior Executive Involvement in Breach Response Sponsored by HP Enterprise Security Services Independently conducted by Ponemon Institute LLC Publication Date: October 2014 The Importance

More information

Advanced Threats in Retail Companies: A Study of North America & EMEA

Advanced Threats in Retail Companies: A Study of North America & EMEA Advanced Threats in Companies: A Study of North America & EMEA Sponsored by Arbor Networks Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Ponemon Institute Research Report

More information

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States

How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States How Single Sign-On Is Changing Healthcare A Study of IT Practitioners in Acute Care Hospitals in the United States Sponsored by Imprivata Independently conducted by Ponemon Institute LLC Publication Date:

More information

2015 Global Study on IT Security Spending & Investments

2015 Global Study on IT Security Spending & Investments 2015 Study on IT Security Spending & Investments Independently conducted by Ponemon Institute LLC Publication Date: May 2015 Sponsored by Part 1. Introduction Security risks are pervasive and becoming

More information

2015 Global Megatrends in Cybersecurity

2015 Global Megatrends in Cybersecurity 2015 Global Megatrends in Cybersecurity Sponsored by Raytheon Independently conducted by Ponemon Institute LLC Publication Date: February 2015 Ponemon Institute Research Report 2015 Global Megatrends in

More information

The Fraud Report: How Fake Users Are Impacting Business

The Fraud Report: How Fake Users Are Impacting Business The Fraud Report: How Fake Users Are Impacting Business Sponsored by TeleSign Independently conducted by Ponemon Institute LLC Publication Date: November 2015 Ponemon Institute Research Report The Fraud

More information

Breaking Bad: The Risk of Insecure File Sharing

Breaking Bad: The Risk of Insecure File Sharing Breaking Bad: The Risk of Insecure File Sharing Sponsored by Intralinks Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research Report Breaking Bad: The

More information

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations

The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations The Billion Dollar Lost Laptop Problem Benchmark study of U.S. organizations Independently conducted by Ponemon Institute LLC Publication Date: 30 September 2010 Ponemon Institute Research Report Part

More information

The Role of Governance, Risk Management & Compliance in Organizations

The Role of Governance, Risk Management & Compliance in Organizations The Role of Governance, Risk Management & Compliance in Organizations Study of GRC practitioners Sponsored by RSA, The Security Division of EMC Independently conducted by Ponemon Institute LLC Publication

More information

Third Annual Survey on Medical Identity Theft

Third Annual Survey on Medical Identity Theft Third Annual Survey on Medical Identity Theft Sponsored by Experian s ProtectMyID Independently conducted by Ponemon Institute LLC Publication Date: June 2012 Ponemon Institute Research Report Part 1:

More information

2015 Global Cyber Impact Report

2015 Global Cyber Impact Report 2015 Global Cyber Impact Report Sponsored by Aon Risk Services Independently conducted by Ponemon Institute LLC Publication Date: April 2015 2015 Global Cyber Impact Report Ponemon Institute, April 2015

More information

The economics of IT risk and reputation

The economics of IT risk and reputation Global Technology Services Research Report Risk Management The economics of IT risk and reputation What business continuity and IT security really mean to your organization Findings from the IBM Global

More information

Economic impact of privacy on online behavioral advertising

Economic impact of privacy on online behavioral advertising Benchmark study of Internet marketers and advertisers Independently Conducted by Ponemon Institute LLC April 30, 2010 Ponemon Institute Research Report Economic impact of privacy on online behavioral advertising

More information

The TCO of Software vs. Hardware-based Full Disk Encryption

The TCO of Software vs. Hardware-based Full Disk Encryption The TCO of Software vs. Hardware-based Full Disk Encryption Sponsored by WinMagic Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Industry Co-Sponsors Ponemon Institute Research

More information

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013

The Post Breach Boom. Sponsored by Solera Networks. Independently conducted by Ponemon Institute LLC Publication Date: February 2013 The Post Breach Boom Sponsored by Solera Networks Independently conducted by Ponemon Institute LLC Publication Date: February 2013 Ponemon Institute Research Report Part 1. Introduction The Post Breach

More information

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners

Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Best Practices in Data Protection Survey of U.S. IT & IT Security Practitioners Sponsored by McAfee Independently conducted by Ponemon Institute LLC Publication Date: October 2011 Ponemon Institute Research.

More information

Privacy and Security in a Connected Life: A Study of European Consumers

Privacy and Security in a Connected Life: A Study of European Consumers Privacy and Security in a Connected Life: A Study of European Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute Research

More information

State of Web Application Security U.S. Survey of IT & IT security practitioners

State of Web Application Security U.S. Survey of IT & IT security practitioners State of Web Application Security U.S. Survey of IT & IT security practitioners Sponsored by Cenzic & Barracuda Networks Independently conducted by Ponemon Institute LLC Publication Date: March 2011 Ponemon

More information

Enhancing Cybersecurity with Big Data: Challenges & Opportunities

Enhancing Cybersecurity with Big Data: Challenges & Opportunities Enhancing Cybersecurity with Big Data: Challenges & Opportunities Independently Conducted by Ponemon Institute LLC Sponsored by Microsoft Corporation November 2014 CONTENTS 2 3 6 9 10 Introduction The

More information

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations

Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Threat Intelligence & Incident Response: A Study of U.S. & EMEA Organizations Sponsored by AccessData Independently conducted by Ponemon Institute LLC Publication Date: February 2014 Ponemon Institute

More information

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers

Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Leading Practices in Behavioral Advertising & Consumer Privacy Study of Internet Marketers and Advertisers Independently Conducted by Ponemon Institute LLC February 2012 Leading Practices in Behavioral

More information

Cyber Security on the Offense: A Study of IT Security Experts

Cyber Security on the Offense: A Study of IT Security Experts Cyber Security on the Offense: A Study of IT Security Experts Co-authored with Radware Independently conducted by Ponemon Institute LLC Publication Date: November 2012 Ponemon Institute Research Report

More information

2013 Cost of Data Center Outages

2013 Cost of Data Center Outages 2013 Cost of Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: December 2013 Part 1. Executive Summary 2013 Cost of Data Center Outages Ponemon Institute, December

More information

Protecting your brand in the cloud Transparency and trust through enhanced reporting

Protecting your brand in the cloud Transparency and trust through enhanced reporting Protecting your brand in the cloud Transparency and trust through enhanced reporting Third-party Assurance November 2011 At a glance Cloud computing has unprecedented potential to deliver greater business

More information

Global Study on the State of Payment Data Security

Global Study on the State of Payment Data Security Global Study on the State of Payment Data Security 3 Introduction We are pleased to present the findings of The Global Study on the State of Payment Data Security Study conducted on behalf of Gemalto by

More information

2013 Study on Data Center Outages

2013 Study on Data Center Outages 2013 Study on Data Center Outages Independently conducted by Ponemon Institute LLC Publication Date: September 2013 2013 Study on Data Center Outages Ponemon Institute, September 2013 Part 1. Introduction

More information

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season

The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season The 2013 ecommerce Cyber Crime Report: Safeguarding Brand And Revenue This Holiday Season Sponsored by RSA Security Independently conducted by Ponemon Institute, LLC Publication Date: October 2013 Ponemon

More information

The Human Factor in Data Protection

The Human Factor in Data Protection The Human Factor in Data Protection Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: January 2012 Ponemon Institute Research Report The Human Factor in Data Protection

More information

Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers

Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers Privacy and Security in a Connected Life: A Study of US, European and Japanese Consumers Sponsored by Trend Micro Independently conducted by Ponemon Institute LLC Publication Date: March 2015 Ponemon Institute

More information

State of IT Security Study of Utilities & Energy Companies

State of IT Security Study of Utilities & Energy Companies State of IT Security Study of Utilities & Energy Companies Sponsored by Q1 Labs Independently conducted by Ponemon Institute LLC Publication Date: April 2011 Ponemon Institute Research Report State of

More information

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc.

Survey on the Governance of Unstructured Data. Independently Conducted and Published by Ponemon Institute LLC. Sponsored by Varonis Systems, Inc. Survey on the Governance of Unstructured Data Independently Conducted and Published by Ponemon Institute LLC Sponsored by Varonis Systems, Inc. June 30, 2008 Please Do Not Quote Without Express Permission.

More information

IBM QRadar Security Intelligence: Evidence of Value

IBM QRadar Security Intelligence: Evidence of Value IBM QRadar Security Intelligence: Evidence of Value Independently conducted by Ponemon Institute LLC February 2014 Ponemon Institute Research Report Background IBM QRadar: Evidence of Value Ponemon Institute:

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

A Benchmark Study of Multinational Organizations. Research Report. Independently Conducted by Ponemon Institute LLC

A Benchmark Study of Multinational Organizations. Research Report. Independently Conducted by Ponemon Institute LLC A Benchmark Study of Multinational Organizations Research Report Independently Conducted by Ponemon Institute LLC January 2011 $5,838,781 DIFFERENCE Compliance Cost $3,529,570 Non-Compliance Cost $9,368,351

More information

The Aftermath of a Data Breach: Consumer Sentiment

The Aftermath of a Data Breach: Consumer Sentiment The Aftermath of a Data Breach: Consumer Sentiment Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research

More information

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses

More information

Cyber Threat Intelligence: Has to Be a Better Way

Cyber Threat Intelligence: Has to Be a Better Way Exchanging Cyber Threat Intelligence: There Has to Be a Better Way Sponsored by IID Independently conducted by Ponemon Institute LLC Publication Date: April 2014 Ponemon Institute Research Report Exchanging

More information

First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies

First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies First Annual Cost of Cyber Crime Study Benchmark Study of U.S. Companies Sponsored by ArcSight Independently conducted by Ponemon Institute LLC Publication Date: July 2010 Ponemon Institute Research Report

More information

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT)

SOCIAL MEDIA MOBILE DEVICES CLOUD SERVICES INTERNET OF THINGS (IOT) INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT THE FIFTH ANNUAL SURVEY ON THE CURRENT STATE OF AND TRENDS IN INFORMATION SECURITY AND CYBER LIABILITY RISK MANAGEMENT Sponsored by October 2015

More information

2015 Global Encryption & Key Management Trends Study. Sponsored by Thales e-security

2015 Global Encryption & Key Management Trends Study. Sponsored by Thales e-security 2015 Global Encryption & Key Management Trends Study Sponsored by Thales e-security Independently conducted by Ponemon Institute LLC Publication Date: April 2015 Ponemon Institute Research Report 2015

More information