BreachExchange mailing list archives
Data breaches to cost more in the cloud
From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Thu, 8 Apr 2010 21:40:33 -0400
http://www.securecomputing.net.au/News/171606,data-breaches-to-cost-more-in-the-cloud.aspx By Liz Tay Apr 9, 2010 9:49 AM Remedying a data breach costs 40 percent more for businesses that store their data offshore, a study of Australian incidents has found. Conducted by the Ponemon Institute and PGP Corporation, the inaugural Australian Cost of a Data Breach report aimed to quantify the costs associated with public and private sector data breaches. Sixteen organisations participated in the study between September 2009 and January, all of which had experienced one or more data breach incidents during the past year. The incidents that were reported involved between 3,300 and 65,000 compromised records, and were found to cost an average of $123 per compromised record. Incidents that involved a third party -- such as a cloud computing or software-as-a-service (SaaS) provider -- had a higher average cost of $152 per record, compared to $109 for incidents that occurred and were handled in-house. PGP CEO Phillip Dunkelberger told iTnews that organisations operating in the cloud incurred higher costs because of issues to do with territorial jurisdictions, and additional investigation and consulting fees. "I think the cloud is coming in a big way, but the people promoting it have got to be careful they don't confuse basic data security with the legal and jurisdictional issues that come when you've got data spread around the world," he said. "Fundamentally, clouds have a different legal and jurisdictional profile, especially when they cross national boundaries," he explained. "You've got to deal with how do we do the research into what happened, how do we deal with two legal teams, multiple IT teams, and that's why third party breaches are much more costly than remedying it on your own." [..] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Get business, compliance, IT and security staff on the same page with CREDANT Technologies: The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives. The eBook begins with considerations important to executives and business leaders. http://www.credant.com/campaigns/ebook-chpt-one-web.php
Current thread:
- Data breaches to cost more in the cloud Jake Kouns (Apr 08)