Bitdefender surveyed 250 US IT decision makers who concluded that  about “34 percent of companies were breached in the past 12 months, while 74 percent of IT decision makers don’t know how the company was breached” and “Two-thirds of companies would pay an average of $124k to avoid public shaming scandals after a breach. Some 14 percent would pay more than $500k.”  The Bitdefender report entitled “Virtualization makes CIOs role key (A survey on US IT decision makers)” included this recommendation about #3 “Be mindful of geographical jurisdiction and data handling storing laws”:

When choosing a cloud service provider, it’s vital that the datacenter physically reside in a region or country in which data handling and storing legislation is favorable to your company’s business interests. Any datacenter, regardless of the data it stores, falls under the data privacy and protection laws of the country it’s built in. Consequently, it’s vital that any company that plans to use a cloud service provider that has datacenters outsider its borders read and abide by the local data protection laws. Otherwise, the organization may risk judicial repercussions that could involve both financial and reputational damages.

Here are all 10 recommendations:

  1. Define the criteria on which you store on-premise or in-the-cloud data. Perform risk management.
  2. Keep your cloud private.
  3. Be mindful of geographical jurisdiction and data handling storing laws
  4. Perform due diligence on the cloud service provider and stipulate damages.
  5. Encrypt data both locally and in transit
  6. Backup cloud data
  7. Use secure and multiple authentication mechanisms
  8. Limited number of employees that can access sensitive data
  9. Prevent DDoS attacks
  10. Create, define and implement fast security response procedures

Good advice from the IT leaders, but how many companies will follow this advice?