Top 10 Cloud Adoption Risks

Top 10 Cloud Adoption Risks

 

The last five years have seen phenomenal growth in cloud adoption.

While around 88% of organizations were already making use of the cloud in 2019, the advent of the pandemic in 2020 and the need for remote working massively increased the number of companies that are using the cloud to store business-critical data and infrastructure.

While there are definitely benefits to cloud adoption, on average it’s 40-times more cost effective than an on-premises alternative, it's not without its risks.

Understanding those risks is the key to avoiding them, so, in their article, we’ll be running through the top ten most common cloud adoption risks.

1.  Data Security and Unauthorized Access

Around 83% of businesses store sensitive data in the cloud, making data security and unauthorized access one of the largest risks associated with cloud adoption.

As of June 2021, there have been 729 security incidents and 3,947,030,094 records released due to data breaches.

Because of the pandemic and the increased use of remote working, the instances of reported cybercrime have risen by as much as 600%.

Around 43% of IT professionals said they had been targeted by social engineering schemes in the last year.

The cost of these data breaches is huge. Not only does it cost the average company anywhere from $1.25 million to $8.19 million per breach, but it also impacts the lives of millions whose records have been stolen and then used in identity theft crimes.

While switching to a cloud storage vendor can actually provide a smaller business with better data security, it does also increase the risk associated with unauthorized access.

The reason for this is the number of clients the vendor has. The more clients storing data with the cloud vendor, the more risk that is concentrated on a single point of failure.

Should criminals somehow manage to breach the defenses of the cloud provider, they can access the data of multiple businesses, making it more efficient for them to target cloud vendors rather than individual businesses.

2.  Security Risks at the Vendor End

Data security is reduced proportionately to the number of people’s hands it passes through.

When you outsource the storage of sensitive data to a cloud service provider (CSP), the number of people who technically have access to that data increases.

Additionally, you also have less visibility over the people at the CSP who have access to your data.

Your own staff might have gone through a rigorous vetting process, but can you say the same thing about all the staff members at the CSP?

Data breaches are just as commonly created by internal staff as they are by external bad actors and cloud adoption significantly increases that risk.

New employees are the most susceptible to socially engineered attacks, with 60% of IT professionals citing recent hires as being at high risk.

21% of current or former employees use social engineering to gain a financial advantage, for revenge, out of curiosity, or for fun.

3.  Data Security Compliance Issues

Depending on where you are in the world and what the nature of your business is, you may be responsible for sensitive information.

Laws like the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Payment Card Industry Data Security Standard (PCI DSS), and the General Data Protection Regulation (GDPR) govern how certain data must be held and mandate who is responsible for its protection.

By storing that information on the cloud, you are relying on the CPR to store it in a manner that is compliant with the related regulations.

If the CPR does not store that particular data in a compliant manner, your company might be legally liable in the event of exposure or unauthorized access.

Additionally, many companies litigate how and where sensitive data can be stored as part of their contractual obligations.

Should a member of staff unknowingly move data into cloud storage that isn’t covered by these contractual obligations, you could find that your company is in breach of contract.

Data loss is actually the most expensive component of cybercrime, representing around 43% of the costs. This is because the average cost of the data breach is around $225 per record in the United States and $190 per record in Canada.

4.  Reduced Visibility and Control

Transitioning to a cloud network owned by another company does reduce the amount of control you have over the systems and data you place in their hands.

There are a number of different risks associated with this loss of control. Firstly, if the data being stored by the CSP is vital to your business, then they are at liberty to increase their prices at will.

You have no guarantee that the price for cloud storage won’t drastically increase once you’ve become dependent on it.

In a connected issue, you also lose control over access to your data to some extent. If cash flow issues or economic hardships mean you can’t pay your bill, will you lose access to your data as a result?

If the answer is yes and you’re already in financial trouble then having your access to vital data or systems cut off could potentially push your business over the edge.

Additionally, you have no oversight or control over the equipment and staff used by the CPS.

Should they wish to move to a different platform or use different systems or software, that decision is now in the hands of the CSP, not you.

5.  Lack of Availability

The reality is that not even the largest cloud service provider can guarantee 100% uptime all of the time.

2021 has already seen outages on Microsoft’s Azure cloud platform and Amazon Web Services (AWS) and those are the two largest cloud providers in the world.

Even if your CSP can guarantee you 99% uptime, which you should be very suspicious of, that 1% downtime still potentially translates into 87.6 hours of not being able to trade because you don’t have access to vital data or systems.

Depending on your CSP and both their and your exact setup, there are additional connection risks to take into account.

What happens if your or your CSP’s internet connection fails? What happens if the power goes off?

How long can you continue to operate without access to all the vital data stored within the cloud?

There’s also a cost associated with data outages, with Gartner estimating network outages cost businesses an average of $5,600 per minute.

A different report by risk modeler AIR Worldwide calculated that the loss of a major cloud provider for 3-6 days would result in total losses of around $15 billion.

Because businesses outside of the Fortune 1000 are just as likely to use cloud services, but less likely to have cyber-insurance, the report estimated that they would shoulder 63 percent of the losses and 57 percent of insured losses.

6.  Incomplete Deletions

Because of the lack of visibility and control you have over how the CSP performs actions on your data, you can be 100% sure that sensitive data is deleted. 

You have no way of knowing what level of backups your CSP is using, how the data is partitioned, or any way to verify the secure deletion of their data.

If your CSP is multi-tenancy, then your data might be spread over storage devices that are spread through multiple layers of their infrastructure.

Additionally, most cloud users do not have any insight into the deletion procedures used by their CSP or how long it takes for data to be fully deleted.

This means that, even once you have to another CSP, there is a small chance that certain amounts of your sensitive data still exists, undeleted, in the infrastructure of your previous CSP.

Obviously, this particular risk is compounded the more CSPs you make use of. The more times you move provider, the more chances there are of an incomplete deletion of your sensitive data.

7.  Stored Data Loss

There is any number of reasons why the data you have stored on the cloud might be lost. Anything from a fire at the premises where the data was stored, to a natural disaster, to just a straight-up accidental deletion.

Your CSP is also a business, which means there is always a possibility they could go out of business or be bought out and shut down.

Malicious attackers or malware might also corrupt or delete vital data that you are reliant on in order to do business or liable to protect.

While it might seem unlikely that these events would affect your CSP, a recent survey by Aberdeen indicated that 32% surveyed have lost data stored in cloud-based applications mostly because of end-user error or accidental deletions.

Before contracting with a CSP, businesses should look into what data backups they use and if the CSP has taken any steps to mitigate fires or natural disasters so that the stored data remains secure.

8.  CSP Outsourcing

We’ve already mentioned how difficult it is to get any real visibility or control over how your CSP acts internally. This is further compounded if your CSP is then outsourcing some of its work to other companies.

The reality is that you might never know if your CSP is using outsourced data storage and therefore have no control over the quality of that storage.

While you might be happy with your CSP’s level of security protections, you don’t really have any insight into the security protections of the companies they are outsourcing to.

This can lead to both security issues and compliance issues for you.

While it might be reasonable to assume that external bad actor attacks were the most common cause of data loss, they actually only make up around 27% of the root causes of data breaches for small businesses.

The top two most common causes of data breaches for small businesses are negligent employee or contractor (48%) or third party mistake (41%), highlighting the risk of CSP outsourcing.

If the data is stored overseas, you might also be put in a position where a subcontractor goes down, goes out of business, or suffers some sort of damage to their infrastructure, leaving you with no way of recovering your data.

9.  Damaged Customer Trust

If the worst-case scenario does happen and a data breach happens at your CSP, leaking sensitive information onto the internet, you may find that, for compliance purposes, you are forced to make the breach public.

If that happens, the resulting loss of customer trust could have a significant negative impact on your business.

After the loss of customer data due to security breaches in 2019, but Target and EasyJet suffered significant stock price drops as customers turned to their competitors instead.

Additionally, depending on the nature of the data leaked, your company may be on the receiving end of fines by regulatory bodies and even lawsuits from those who had their data exposed

The Equifax data breach, which saw the private records of 147.9 million Americans, along with 15.2 million British citizens and about 19,000 Canadian citizens compromised for identity theft purposes, cost the company an estimated $4 billion.

The resulting turnover of customers and the need to make up for that by increasing customer acquisition activities cost U.S. companies who had been the victim of a data breach around $4.13 million per company.

In fact, the total annual damages caused by cybercrime, with data loss making up the vast majority of those losses, is estimated to hit $6 trillion in 2021.

10.  Increased Complexity and Costs

While there are certainly cost-saving benefits associated with cloud adoption, the increasing pace of technological innovation can make cloud adoption potentially costly and complicated.

In fact, around 92 percent of businesses are now moving away from single cloud to multi-cloud systems, and multi-cloud is expected to be the norm by 2025.

As multi-cloud adoption increases, a number of the risks listed above increase. More CSPs mean more potential weak points for attackers to exploit.

Having data spread across multiple companies increases the risk of data being accidentally lost, not deleted properly, or not stored in a compliant manner.

Additionally, more companies mean more staff and this further increases the risk that sensitive data will be accessed by someone without the authority to do so.

As we’ve already pointed out, unauthorized access of certain sensitive data can put your company at risk of legal liability.

In addition to the increased risks, the more companies included in a multi-cloud setup, the faster the price for services goes up and the more complicated your system becomes.

Imagine participating in a multi-cloud setup with data spread across 10 CSPs. Not only are the standard cloud adoption risks increased by a factor of ten, but so is the complexity of dealing with your multi-cloud network.

You now have 10 different types of security credentials, 10 online platforms or sets of proprietary software to use, and 10 companies that are billing you and that you have to send a different list of authorized users to. 

There’s also a good chance that some of the data stored across those different platforms are also the same data, meaning that you’re paying to redundantly store the same data in different places.

How Can I Avoid These Cloud Adoption Risks?

The best way to mitigate the risks associated with cloud adoption is to educate yourself on what they are. Some available educational avenues are:

Call CAUCUS at 407.740.0700 if you have any questions.  

Share this post:

Comments on "Top 10 Cloud Adoption Risks"

Comments 0-5 of 0

Please login to comment
Live Help