The latest research from the Cloud Industry Forum (CIF) highlights the discrepancy between the perceptions of data security in the cloud and the reality experienced by users of cloud services in the UK. While adoption rates of Cloud continue to increase at pace, the perceived threat is clearly not the real position, so must be countered and resolved by a professional industry and informed users.
The research, which polled 250 senior IT and business decision-makers, confirmed that the number one issue in the minds of end users still relates to data security, cited by 61 per cent of respondents. This was followed by data privacy (54 per cent), and data sovereignty (28 per cent). Critically however, only 2 per cent of organisations believed that they had actually experienced a Cloud service-related security breach.
Other key findings include:
· Applications considered to be the highest risk by organisations are data backup/disaster recovery (36 per cent); data storage (30 per cent) and personnel and payroll (33 per cent)
· 88 per cent of organisations are concerned to some extent about their data in the cloud
· Just under half (44 per cent) have actively changed the way they use cloud following the PRISM revelations, including almost one in ten (9 per cent) who have changed their CSP entirely
· Security ranks as the number one reason for organisations not wishing to move specific applications to the cloud (75 per cent)
For Alex Hilton, CEO of CIF, the results should be seen as solid reinforcement that the perception that Cloud is inherently less secure than on-premises IT is far removed from the realities experienced by users of Cloud services.
Hilton said: “Despite the significant growth in adoption and penetration of Cloud services, it’s clear from the research that the market remains somewhat confused and uncertain as to the legal, regulatory and security environment surrounding the market. This is arguably driven by the continued FUD (fear, uncertainty and doubt) being peddled in the media following recent developments in European Data Protection and the revelations about PRISM.”
Larger regulated businesses are most cautious about Cloud adoption and this is where Hybrid Cloud becomes relevant. Hilton commented: “Hybrid Cloud enables organisations to combine the best of both worlds to fit both their technology needs together with mandatory regulatory requirements. This will also help them manage data concerns. Businesses are right to be concerned about their data, but this applies as much to Cloud environments as to on-premise,” he continued.
Richard Pharro, CEO of APM Group, CIF’s independent certification partner, added: “This issue is as much about perceptions as actual risk, presenting something of a challenge for the industry. Although more businesses than ever are open to Cloud to some extent, turning the perception that Cloud is insecure will take time. There are, however, a number of things that the industry can do to hurry the process along – certification being one of them. It’s simply not enough to say ‘trust that we will look after your data’; the industry must prove its worth. The CIF Code of Practice offers CSPs the chance to demonstrate their capabilities and commitment up front in an open, up-front and verifiable way, helping to build trust with end users.”