Over 40% of IT professionals are not aware of the Information Commissioners Office guidance on cloud computing according to research by CipherCloud
London, UK, Thursday 6th December, 2012 – A new survey of 300 senior IT professionals highlights a worrying lack of awareness of the Information Commissioner’s Office (ICO) guidance and recommendations on cloud computing, with over 40 per cent of professionals admitting they are unaware of them. Of those IT decision makers that are of aware of the ICO guidelines, less than 27 per cent admit their organisations are compliant.
CipherCloud, the leader in cloud information protection, commissioned the independent survey of 300 IT professionals across key industries including financial services, healthcare, and government between 15/11/2012 and 23/11/2012 by Opinion Matters. The survey was targeted at leading enterprise organisations in the UK.
Despite the fact that the ICO’s guidelines – outlining the responsibilities of organisations when storing data in the cloud – were only published in October of this year, the percentage of senior IT professionals that claims to be aware and informed is surprisingly low.
With responsibility for data security now residing with the company that owns the information, not the cloud provider or cloud services company taking care of it, CipherCloud advises businesses to get to grips with the relevant legislation and the steep fines that are being levied at those found to be non-compliant.
“UK IT professionals need be aware of the fact that regulatory non-compliance penalties could be as much as half a million pounds," according to Richard Olver, Regional Director of EMEA at CipherCloud. "It’s clear that businesses are confused or even complacent about regulation, legislation, and compliance when storing data in the cloud and are largely unaware of their responsibilities.”
When asked how well they understood the latest ICO guidelines, the study found that IT professionals responded:
- Not at all aware – 41 per cent
- Somewhat aware – 15 per cent
- Aware and are partially compliant – 11 per cent
- Aware and compliant – 27 per cent
- Aware and don’t know whether they are compliant – 4 per cent
When it comes to protecting their data in the cloud, just 29 per cent of senior IT professionals rely on their cloud application provider, according to the survey, while 28 per cent implement their own internal controls.
Notes for editors:
Additional findings from the survey
When questioned about what cloud threats most concerned them, senior IT respondents indicated the following in order of priority:
- Data leakage – 50 per cent
- Account, service and traffic hijacking – 40 per cent
- Malicious insiders at cloud providers – 31 per cent
- Shared technology vulnerabilities – 27 per cent
- Insecure programming interfaces – 26 per cent
- Unknown risk profiles – 20 per cent
- Unconcerned about cloud threats – 18 per cent
When asked about calculating the cost of a security breach– in terms of compliance fines, contractual breaches and reputation losses, senior IT respondents gave the following responses:
- Don’t know – 44 per cent
- Over £300 (per data record) – 1 per cent
- Between £201 and £300 – 8 per cent
- Between £101 and £200 – 15 per cent
- Between £50 and £100 – 26 per cent
- Under £50 – 6 per cent
When asked about current use and future implementation of cloud-based applications:
- Business tools, (sales, marketing, HR and procurement) are being used by 23 per cent with a further 24 per cent planning to migrate
- Data storage and archiving is already being used by 30 per cent of companies with a further 28 per cent looking to adopt a cloud-based approach in the next 1-12 months
- Collaboration tools (e.g. Dropbox, Box) are being used by 29 per cent with 28 per cent planning to migrate over the same time period
- Communications applications (e.g. email, contacts calendars) are being used by 29 per cent of businesses with a further 21 per cent planning to migrate
- Internal applications and portals (e.g. travel and finance) are being used by 16 per cent with 30 per cent migrating in the next 1-12 months
European legislation is expected to address cloud security in 2013/2014 as the EU Data Protection Reform is scheduled to move into legislation. Recently published Information Commissioner’s Office (ICO) guidelines underline that companies remain responsible for personal data, even when passed to cloud network and services providers. Organisations failing to protect private data can be fined up to £500,000 per incident by the ICO
UK Government is tasked with moving 50 per cent of government’s ICT to the cloud by 2015
Gartner estimates that by 2016, 25 per cent of all enterprises will use a cloud encryption gateway to secure one or more cloud services – up from less than one per cent today.
About the research company:
All research conducted by Opinion Matters adheres to MRS Codes of Conduct (2010) in the UK. Within these parameters there are guidelines that ensure all research is carried out in a professional and ethical manner. Furthermore, as members of ESOMAR and AIMRI, Opinion Matters abide by the ICC/ESOMAR International Code on Market and Social Research.
Opinion Matters is registered with the Information Commissioner’s Office and is fully compliant in accordance with the Data Protection Act. The company is also certified under Quality Assurance Scheme IS0 9001.
CipherCloud, a leader in cloud information protection, provides cloud encryption and tokenisation gateways to enable organisations to securely adopt cloud applications by eliminating concerns about data privacy, residency, security, and regulatory compliance. CipherCloud’s groundbreaking gateway encrypts sensitive information in real-time, before it's sent to the cloud, using operations-preserving encryption and tokenisation technology without impacting usability or application in any way.
The CipherCloud product portfolio supports popular cloud applications out-of-the-box such as Salesforce, Force.com, Chatter, Google Gmail, Microsoft® Office 365, and Amazon AWS. Additionally, CipherCloud Connect AnyApp and Database Gateway enable organisations to extend data protection to hundreds of 3rd-party cloud and private cloud applications and databases.
Recognised by Gartner as a Cool Vendor in Cloud Security, CipherCloud is backed by premier venture capital firms including Andreessen Horowitz, Index Ventures, and T-Venture, the venture capital arm of Deutsche Telekom. For more information, visit www.ciphercloud.com and follow us on Twitter @ciphercloud
For further information, please contact:
t. +44 (0)845 557 6736
m. +44 (0)7766 257776