More than half of organisations that outsource their IT to a cloud service provider are concerned about whether their data is going to be located at home or abroad, and see this as an important consideration in deciding which provider to work with, according to new research by Claranet. While encouraging, this suggests that a sizeable minority may be failing to fully appreciate the potential implications of data sovereignty, and highlights the importance of asking providers the right questions, says Claranet’s UK Managing Director Michel Robert.
52 per cent of organisations that have migrated at least one IT function or application to the cloud described data sovereignty as a concern. This is up from 47 per cent last year.
“Heightened concern about data sovereignty is perhaps not surprising in the current climate, especially in the wake of recent revelations about the NSA’s Prism surveillance initiative. But, there is still a need for education as to the importance of having clarity and control over where and how your organisation’s data is being stored,” Robert said.
“Different data sets will, of course warrant different levels of consideration about where they are located, depending on importance, access, sensitivity, and regulatory requirements. But, even if organisations trust their providers to store data in a safe, compliant fashion, they should not be doing so blindly. They need to be asking potential providers the right questions about where their data will be held, and what this means for the security and accessibility of that data by third-parties in the country of storage and beyond.”
Claranet’s third annual survey into cloud adoption trends also revealed that 83 per cent of organisations believe security expertise to be an important factor in determining their choice of cloud service provider. 81 per cent indicated that their ability to trust a provider was important.
“It is no surprise that such large numbers regard security expertise as so important. After all, any CIO or IT manager in a data-driven organisation that isn’t concerned with security probably isn’t doing their job properly. But security and sovereignty should go hand-in-hand, and the disparity between perceptions of the importance of these two factors does perhaps show sovereignty to be something of a blind spot for end-users,” Robert said.
“Ultimately, outsourcing your IT does not equate to outsourcing the responsibility for what happens to your data – however much you trust your provider. Trust has to be earned, and organisations must ensure they are asking the right questions of providers,” he concluded.