Monthly Archives: June 2022

How Covid-19 pushed more organizations into the cloud

During Covid-19, many organizations began or accelerated efforts to migrate applications to public cloud environments. The purpose of this study is to learn important information about how COVID-19 changed the migration of applications and the effect it has had on organizations’ cloud security practices and costs. As defined in this research, the post-COVID cloud boom refers to the impact of the pandemic on corporate cloud migrations and deployment.

According to the research, the use of public cloud resources for securing critical applications outpaced on-premises deployment because of the need to maintain a higher level of agility, flexibility and resilience during the pandemic. Further, the “boom” refers to the innovations made by cloud users and providers to respond to threats and vulnerabilities that have emerged during the pandemic.

In research sponsored by Anitian and conducted by Ponemon Institute, 643 IT and IT security respondents in the United States were surveyed, all in organizations that use all or mostly public clouds. A key takeaway from the research is that 61 percent of respondents say migration or expansion of cloud resources significantly increased (31 percent) or increased (30 percent) their organizations’ ability to achieve business goals such as revenue growth, expansion into new markets, retention and hiring of in-house expertise and innovation.

Our study confirms that organizations’ migration and expansion of cloud resources during the COVID pandemic significantly increased their ability to achieve their business goals. Enterprise objectives such as revenue growth, expansion into new markets, retention and hiring of in-house expertise, and innovation were all prominent findings in our research.

The following findings reveal how the Post-Covid-19 boom is supporting three equally important objectives for organizations: business growth, security posture and financial strength.

Business growth:

  • Despite the challenges of dealing with COVID, migration and transition to public clouds resulted in a boom. During this period, many organizations realized greater agility and innovation in responding to threats and vulnerabilities that emerged during the pandemic.
  • The use of most or all public cloud providers increased significantly in the post-Covid-19 era, resulting in many organizations benefiting from the boom. The boom significantly increased or increased organizations’ ability to achieve business growth despite risks due to a remote workforce, according to 61 percent of respondents.
  • The primary benefits from the boom are to support business goals. According to the research, 62 percent of respondents say the migration or transition to the public cloud was to reduce cost, 53 percent of respondents say it is to increase efficiency and 41 percent of respondents say it is to support business growth.

Security posture:

  • Organizations’ cloud security improves in the post-Covid-19 boom. Pre-Covid-19, before transition or migration to the public cloud, 35 percent of respondents say their organizations had a very effective cloud security posture. Post-Covid-19, about half (49 percent) of respondents say their organizations’ security posture is very effective. Further, business risk did not significantly increase or increase during migration or transition to the public cloud.
  • Remote worker productivity increased while supporting security in the cloud. Applications were moved to the cloud to improve remote worker productivity. Employees working remotely increased significantly during the pandemic and organizations moved their applications to the cloud for productivity and security reasons.

Special analysis: Financial strength

Ponemon Institute, as part of this research, conducted a benchmark study of 158 senior-level CISOs in companies that primarily transitioned or migrated to the public cloud during the pandemic (81 respondents) vs. companies that did not significantly transition or migrate from the on-premises environment (77 respondents) during this period.

As revealed, companies that primarily migrated or transitioned to the cloud have lower costs to secure the cloud and respond to the financial consequences of data breaches in the cloud. These organizations also made greater investments in security technologies because of the ability to reduce costs.

  • Lower costs to secure cybersecurity operations in the cloud. On average, organizations that primarily migrated or transitioned to the public cloud during the pandemic had lower costs to ensure the security of the cloud ($14.5 million) than organizations that primarily performed cybersecurity practices on-premises ($16.1 million), for a net benefit of $1.6 million.
  • Lower data breach costs. Organizations that migrated and transitioned all or most of their cybersecurity practices to the public cloud had significantly lower data breach costs ($13.3 million vs. $18 million), for a net benefit of $4.7 million.
  • Higher annual investments in cybersecurity operations in the public cloud. Due to lower costs as described above, those organizations that performed cybersecurity operations in the public cloud were able to increase their annual investments ($16.8 million vs. $12.2 million), for a net benefit of an increase of $4.6 million in annual investments.

Visit Anitian’s website to download the full report. In it, you’ll find a complete analysis of the research findings. The report is organized according to the following themes.

  • The benefits of the post-COVID-19 cloud boom
  • Managing security risks in the cloud
  • Special analysis: The financial benefits of the post-COVID cloud boom
  • Steps taken to secure remote workers’ access to the cloud

Tim Hortons tracked when customers went to Starbucks … and much more

Bob Sullivan

How many sugars do you want with that coffee? And how much surveillance? If you were “cheating” on your favorite coffee shop with a different one, would you mind if an app told on you?

Earlier this month, Canada’s Privacy Commissioner found that the Tim Hortons chain violated the law when it surveilled app users, who were “tracked and recorded every few minutes of every day, even when their app was not open.” That sounds bad enough, but the story behind the investigation reveals that far more creepy surveillance capitalism was going on. Two years ago, Financial Post journalist James McLeod used Canadian law to demand every piece of information Tim Hortons had collected on him, and spun it into a dramatic narrative.

“I had no idea how extensive the tracking data was until I saw it. There were readings taken at all hours of the day and night, and (the app) kept tabs on me every time the app thought I was visiting one of its competitors,” he wrote.

The app, McLeod found, “identified where he lived and worked…and noted when it believed he entered a Starbucks, Second Cup, McDonald’s, Pizza Pizza, A&W, KFC or Subway,” according to the Canadian investigation. It also knew when he went to a Toronto Blue Jays baseball game, when he went to Manitoba for a wedding, even when he arrived at Amsterdam’s Schiphol Airport.

The full investigation is worth reading; so is the original news report from 2020.

As conversation around a federal privacy law in the U.S. seems to be suddenly reignited, much to the delight of many who thought efforts to pass any legislation during this testy political season were doomed, there are still plenty of lingering questions. Have tech industry insiders had too much to say about the proposed language in the American Data Privacy and Protection Act? Will consumers really acquire new protections, or will the law entrench existing (bad) behaviors? And how many exceptions will be made for law enforcement, for employers, even for data brokers? Shoshana Wodinsky at Gizmodo offers a level-headed, skeptical analysis of the bill in its current form here. And a summary of its provisions is here (PDF).

But I think the timing of the Tim Hortons investigation is helpful, because however icky the story is, it also points to a couple of things that worked well. McLeod only had a hunch something was wrong because Google added a new privacy feature to his smartphone — the option to limit sharing of location information with apps to only when they are open. The Tim Hortons app was requesting more access than that, which led McLeod to file a so-called PIPEDA request. Under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), users can ask companies to divulge all the data that’s been collected about them. When McLeod got his response, he had his story, and Canada’s privacy commissioner had an investigation.

Under California’s state privacy law, consumers can now file what are known as DSARs — Data Subject Access Requests — and get reports similar to the one McLeod got from Tim Hortons. This disclosure right should be an essential tool for all Americans, made as easy as possible, and advertised broadly as a feature. In its current form, the American Data Privacy and Protection Act calls for such disclosure, and critically, for it to be made available “in a human-readable and downloadable format that individuals may understand without expertise.” Sure, most consumers won’t take advantage of the opportunity, but a few will. And who knows what stories might be uncovered as a result.