The Information Commissioner’s Office (ICO), UK has come out with its recent guidance on the use of cloud computing as part of its awareness programmes in the contect of the Data Protection Act, 1998. The ICO recognized a shift towards a greater use of cloud computing is well underway and focussing on user & prospective user organizations and cloud providers. In this backdrop, a new survey shows there is a serious lack of awareness of either the ICO’s guidance or legal responsibilities within organizations.
UK businesses are unable to count the cost of a security breach, according to new research commissioned by CipherCloud, the leader in cloud information protection. According to the survey of over 300 business decision makers in UK companies across key markets including financial services, healthcare and government, nearly 70 per cent of respondents were unable to estimate the cost of a security breach. This was despite admitting they had concerns about security risks when it comes to putting their information in the cloud.
The Data Protection Act makes it clear that responsibility for data protection rests with the data owner (the company) and not the cloud provider. This means that it is up to the company to ensure security wherever cloud services are used – whether that’s web-based email, applications such as Google Drive, or third-party storage and transfer systems such as Dropbox. With responsibility for security now residing with the company that owns the data, not the cloud provider or services company taking care of it, CipherCloud advises businesses to get to grips with relevant legislation and possible fines that are being levied at those found to be non-compliant.
“Our research reveals some interesting insights into the minds of senior business professionals, with a lack of understanding of the true cost of the breach of their sensitive information,” said Richard Olver, Regional Director of EMEA at CipherCloud. “On the other hand, it’s clear that organisations are very concerned about the risk of their information being breached.”
When it comes to data privacy, security, residency and compliance concerns, it is clear that these have impacted companies’ use of cloud applications.
- On average, 22 per cent admitted that such concerns had slowed at least one or more project
- 10 per cent said they had put a stop to all cloud application projects
- 8 per cent said such concerns had stopped one or more cloud applications project.
When asked about the current use and future implementation of cloud-based applications:
- Business tools, (sales, marketing, HR and procurement) are being used by 12 per cent with 15 per cent planning to migrate
- Data storage and archiving is already being used by 16 per cent of respondents with a further 17 per cent looking to adopt a cloud-based approach in the next 1-12 months
- Communications applications (e.g. email, contacts calendars) are being used by 14 per cent of businesses with a further 20 per cent adopting them over the same time period
- Collaboration tools and shared document services (e.g. Dropbox, Box) are being used by 11 per cent with 20 per cent planning to migrate
- Internal applications and portals (e.g. travel and finance) are being used by 9 per cent with 19 per cent migrating in the next 1-12 months
The Information Commissioner’s Office is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.