December 07, 2012

IT professionals 'unaware' of cloud regulations

Worryingly, more than 40% of IT decision makers say they are 'totally unaware' of the Information Commissioner's Office (ICO) guidance and recommendations on data security and cloud computing.

Of those that are aware of the guidelines, less than 27% say their firms are compliant, according to an independent survey of 300 senior IT professionals commissioned by CipherCloud.

Published in October 2012, the ICO guidelines outline the responsibilities of organisations when storing data in the cloud. Critically, businesses seem unaware that responsibility for data security now resides with them – the company that owns the information – not the cloud provider or cloud services company.

"UK IT professionals need to be aware of the fact that regulatory non-compliance penalties could be as much as half a million pounds," said Richard Olver, regional director of EMEA at CipherCloud.

"It's clear that businesses are confused or even complacent about regulation, legislation, and compliance when storing data in the cloud and are largely unaware of their responsibilities."

When asked how well they understood the ICO guidelines, the study found:

  • 41% are not at all aware
  • 15% are somewhat aware
  • 11% are aware and are partially compliant
  • 27% are aware and compliant
  • 4% are aware and don't know whether they are compliant

Asked about the threats from the cloud, 50% cited data leakage and 40% mentioned account, service and traffic hijacking, but 18% claimed they were unconcerned about cloud threats.

Commonly used cloud services included business tools (sales, marketing, HR and procurement), used by 23%; data storage and archiving, used by 30%; collaboration tools such as Dropbox, used by 29%; and communications applications, used by 29% of businesses.

In addition, another third of respondents were planning to migrate these services to the cloud in the coming year.