Security is still the biggest barrier amongst UK businesses considering migrating data to a cloud service provider (CSP), according to research from Infrastructure as a Service (IaaS) provider Databarracks. However, it also points to a change in attitude of many organisations towards cloud-based technology, highlighting an increased level of understanding.
The research, Databarracks’ annual Data Health Check Report, sought the views of over 400 IT professionals from UK-based organisations. The findings show that the majority of IT professionals (58 percent) still see security as the biggest concern when moving data to cloud services. Over 60 percent identify security procedures and policies as the most important aspect they look for when selecting a CSP.
However, evidence also points to companies no longer stalling in the face of such concerns, with many proactively implementing policies to overcome security anxieties. For example, 64 percent of those surveyed are considering, or have already put in place, an official policy restricting employee use of consumer cloud services such as iCloud and Dropbox. Also, 43 percent of organisations are reviewing their security policies in light of the recent PRISM revelations.
Peter Groucutt, managing director for Databarracks believes the research reveals a positive change in attitude.
“Security is always going to be the major priority for those considering a move to cloud services, as you are often trusting a third party with your company’s most sensitive data. However, the difference highlighted in the research is that organisations are no longer seeing this as a roadblock, but rather an opportunity to review their current security practices and implement effective new policies that protect their data and enable a more confident move to cloud services.
“What is interesting from the results is that there remains a lack of understanding over basic data protection. For example, over two thirds didn’t know the legal limits on the amount of personal data an organisation can hold, while 80 percent were unaware of the restrictions on moving data outside of the EU. This goes hand-in-hand with previous findings that suggest a skills shortage existing amongst cloud-specific competencies, and reinforces the need for this to be addressed.”
He also observed that security is not a simple, black and white issue. For example, many organisations still need to realise that they don’t have to encrypt everything. According to the research, 33 percent of organisations currently still encrypt everything.
Groucutt also suggested that CSPs need to do more to help focus organisations on the real issues, like the specifics of when and where encryption is needed. This, he suggested, would help them to stop worrying about general cloud security, which often causes unnecessary barriers to adoption.