The string of high-profile IT and data services failures in recent weeks--including the Epsilon data breach, Amazon web services outage and the PlayStation Network problems--gives some credence to those who have argued that the risks of cloud-based services need to be taken more seriously. The real risk at stake is not that a system or service might fail but that providers and customers will have to shoulder the financial liability, writes Arik Hesseldahl at the Wall Street Journal.

The estimated cost of the Epsilon breach, which may have exposed as many as 60 million email addresses, could reach $225 million, according to CyberFactors, a risk-analysis firm. Epsilon's customers--such as BestBuy, Citibank, Walt Disney Co.--may end up spending an additional $412 million on such chores as changing marketing strategies and informing customers.

To that half billion-plus dollars, you have to add the cost of fines, audits, litigation and more down the road. With this kind of financial liability at stake, cloud services providers should learn to operate more like banks or insurance companies when it comes to addressing risk, Hesseldahl writes.

"Handing your data over to someone is in a way comparable to handing goods over to a shipping company who promises to get it safely from one place to the other. Something bad can happen along the way, and often does. Trains derail, ships sink or get attacked by pirates. This is why the insurance industry exists," he writes.

For more:
- see Arik Hesseldahl's column at the Wall Street Journal

Related Articles:
Three data breaches that underscore human error
Eight steps to risk-oriented security
Orbitz CISO's advice on managing vulnerabilities