Industry body claims research shows cloud data storage concerns are overstated

Out-Law News | 10 Sep 2014 | 4:18 pm | 1 min. read

A survey of senior IT and business leaders shows that concerns about data security, privacy and sovereignty in a cloud computing environment are overstated, a cloud industry body has said.

According to a survey of 250 senior IT and business decision makers by the Cloud Industry Forum (CIF), 88% of organisations have some concerns about storing data in the cloud but just 2% of cloud customers believe they have experienced a cloud service-related data breach.

CIF is a body that enables businesses providing cloud-based services to win certification for those services when they can demonstrate compliance with a code of practice. Its members include Microsoft, Adobe and Hewlett Packard.

CIF's survey revealed that data security is the biggest concern among organisations using cloud services, with 61% of respondents expressing concern about data security in the cloud. More than half of respondents (54%) raised concerns about data privacy in the cloud and 28% of those surveyed highlighted concerns about the sovereignty of their data in the cloud environment, CIF said.

However, the body said that much of the concerns about data in the cloud were overblown and stem from how the media has reported on such issues.

"Despite the significant growth in adoption and penetration of cloud services, it’s clear from the research that the market remains somewhat confused and uncertain as to the legal, regulatory and security environment surrounding the market," Alex Hitlon, chief executive of CIF, said. "This is arguably driven by the continued FUD (fear, uncertainty and doubt) being peddled in the media following recent developments in European data protection and the revelations about Prism.”

According to CIF's survey, 75% of UK organisations cite security as a reason for not moving business applications to the cloud. Data backup/disaster recovery applications are the riskiest to deploy in the cloud, with data storage, personnel and payroll applications identified as the next most risky applications to use in the cloud, the organisations said, according to the study.

CIF said large companies operating in heavily regulated industries are most reluctant to adopt cloud solutions. It also said that 9% of UK organisations that use cloud services changed their supplier in the wake of the Prism revelations.

Prism is a system whose existence was revealed by whistleblower Edward Snowden in the summer of 2013. Snowden released documents that he said showed that Prism was being used by the US' National Security Agency (NSA) to access data stored by major technology companies.

The revelations prompted a debate about the privacy of information held by US companies, some of which act as cloud providers for EU businesses that are subject to stringent data protection requirements.