Enterprise IT managers worry about cloud security

UK regulator reinforces concerns, warning that firms face fines for data mishandling

Whether it is a regulator threatening fines or a CEO fuming about a data breach, IT managers are well aware of the enterprise security risks of adopting cloud computing.

The latest news to drive home this point was a recent statement by the UK Information Commissioner's Office (ICO) that companies face fines if they do not secure customer data held by third-party cloud providers.

UK companies are responsible for securing customer data whether they store it internally or externally, the ICO stressed.

"The law on outsourcing data is very clear. As a business, you are responsible for keeping your data safe. You can outsource some of the processing of that data, as happens with cloud computing, but how that data is used and protected remains your responsibility," said Simon Rice, ICO's technology policy advisor.

ICO said it will penalize companies that do not protect data, even if the fault lies with a third party. It recently fined the Scottish Borders Council £250,000 for failing to adequately manage a third party that was digitizing its pension records. The council did not have a contract with the third party and had not performed the required security checks.

IT managers do not need ICO or any other regulatory body to tell them how important data security is in the cloud. According to an Intel survey of 800 IT managers worldwide, a full 87 percent of respondents said they were very or moderately concerned about security and data protection in the public cloud environment.

In addition, 28 percent of IT managers whose companies had adopted a public cloud computing environment have had a security breach. Sixty-five percent said the risk of a data breach with a cloud service provider is higher than with data stored in their traditional IT environment.

Cloud computing will continue to pit IT departments against departments interested in the cost and efficiency benefits of using the cloud. Enterprises should not ignore IT's security concerns in their rush to adopt the latest in cloud computing.

For more:
- see ICO statement
- check out the Intel survey

Related Articles
Infonetics: Cloud-based security will jump to $18M market by 2016
Data center virtualization fuels security concerns