The research, Databarracks’ annual Data Health Check report, surveys over 400 IT professionals from UK-based organisations. Findings highlight that the majority (58 per cent) of IT professionals still see security as the biggest concern when moving data to cloud services. Over 60 per cent identify security procedures and policies as the most important aspect they look for when selecting a CSP.
However, evidence also points to companies no longer stalling in the face of such concerns, with many proactively implementing policies to overcome security anxieties. 64 per cent of those surveyed are considering, or have already put in place, an official policy restricting employee use of consumer cloud services such as iCloud and Dropbox. 43 per cent of organisations are also reviewing their security policies in light of the recent PRISM revelations.
Peter Groucutt, managing director for Databarracks believes the research reveals a positive change in attitude: “Security is always going to be the major priority for those considering a move to cloud services, as you are often trusting a third party with your company’s most sensitive data. However, the difference highlighted in the research is that organisations are no longer seeing this as a roadblock, but rather an opportunity to review their current security practices and implement effective new policies that protect their data and enable a more confident move to cloud services.
“What is interesting from the results is that there remains a lack of understanding over basic data protection. For example, over two thirds didn’t know the legal limits on the amount of personal data an organisation can hold, while 80 per cent were unaware of the restrictions on moving data outside of the EU. This goes hand-in-hand with previous findings that suggest a skills shortage existing amongst cloud-specific competencies, and reinforces the need for this to be addressed.”
Groucutt continued: “It is also worth pointing out that security is not black and white. Organisations will benefit from realising you don’t have to encrypt everything – which according to our research 33 per cent of organisations currently do. Cloud service providers need to do more to help focus organisations on the real issues, like the specifics of when and where encryption is needed, and help them to stop worrying about general cloud security, which often causes unnecessary barriers to adoption.”