This is the conclusion of Philip Lieberman, President and CEO of Lieberman Software, following a survey of IT managers at last year’s Cloud Security Alliance (CSA) Congress. The survey found that while 88% of respondents believe that their move to the cloud had been successful, almost the same number (86%) did not include sensitive data which they preferred to keep on their own networks.
Lieberman believes that there are three primary reasons for this. “The key issues,” he explains, “are around Government surveillance, cloud legislation and data security.”
Concern over security is one of the most persistent worries about cloud computing. The reality is that for most companies cloud providers will provide greater security than would be affordable or achievable from in-house sources. Nevertheless, the doubts persist: “IT managers,” said Lieberman, “fear that they will put their data at risk by moving to a cloud provider as they are unsure they will keep the data properly protected, which could ultimately affect their job and their business.”
This general concern over security overlaps specific concerns about government legislation. Compliance with legislation such as the EU data protection laws is a difficult and controversial issue. Since the data controller –that is, the company and not the cloud – retains liability for personal data; and since there are doubts over whether the cloud is completely secure, companies are solving the problem by keeping their more sensitive data out of the cloud.
“The other issue is around legislation in the cloud,” said Liebeman. “IT managers do not want governments snooping around in their corporate data. If a government or official body wanted to see what data a company was holding in the cloud, the cloud host involved would be legally obliged to provide them with access.” The high profile examples of the FBI taking down MegaUpload and confiscating all – including legal data held in New Zealand – last year, together with its subpoena against Twitter for the personal data of foreign nationals such as the Icelandic member of parliament Birgitta Jónsdóttir shows the length of government reach.
“This means,” concludes Lieberman, “there is very limited privacy in cloud environments. IT managers know it is much easier to hide data within their own private networks.”