More than half of European IT managers don't fully trust US Cloud

Perspecsys, a leader in enterprise cloud data protection, has revealed a continental cloud divide between the U.S. and Europe, based on data findings from a study it conducted at the InfoSec Europe Conference. Perspecsys surveyed 117 IT professionals to determine that more than half (62%) of organizations believe using a European-based cloud is easier from a regulatory and compliance perspective. More than half (51%) of respondents even claimed that they do not fully trust U.S.-based clouds. The data points to the obvious misconceptions around deploying cloud computing in the states and overseas.

  • Thursday, 22nd May 2014 Posted 10 years ago in by Phil Alsop

This continental cloud divide is evidenced by several instances; for example, last year concerns mounted after revelations of government surveillance programs by the NSA and others. The divide was confirmed again recently with the ruling from a U.S. judge who ordered Microsoft to provide emails to U.S. authorities, even email data that was stored in European-based data centers. Attendees at the InfoSec Europe Conference agreed that it's not a good situation: that fact that a U.S.-based company, despite location of its data center, can be required to hand over data regardless of where it is processed and stored. These are some of the reasons why an increasing number of European IT and security professionals are exploring the role that cloud data control gateways can play in helping them keep sensitive data local and resident within their home jurisdiction, even when adopting U.S.-based clouds.


Key findings from the study include:
· Cloud adoption is widespread -- 80% of InfoSec Europe attendees use some sort of cloud applications
· Many IT departments do not trust U.S.-based clouds:
o 47% believe their data is more secure contained in European-based versus U.S.-based clouds
o 62% believe that negativity toward U.S.-based clouds is justified, based on reports of the NSA having visibility into this data
o 59% do not believe that European-based government agencies conduct practices to the same extent as the NSA


In a study conducted at the 2014 RSA Conference, Perspecsys' findings indicated that companies are not being proactive enough when it comes to protecting sensitive data in the cloud. Solutions that can provide more control of data, even while adopting clouds from around the globe, are becoming popular methods of ensuring higher-levels of security and stricter adherence to compliance standards. This was seen by survey respondents as a critical element of their security program as confidence in U.S.-based clouds continues to fluctuate.


"The common thread throughout the conversations we had at InfoSec Europe was that there are legitimate concerns around the adoption and use of U.S.-based clouds," said David Canellos, CEO of Perspecsys. "The data from our survey confirms that organizations are taking a serious look at their cloud policies and questioning where their regulated data will be more compliant and secure. This issue is not going away anytime soon, in fact -- it's growing."


More than half of the professionals surveyed said they would store at least some of their data in European-based clouds even if data residency and privacy laws did not exist. But increasingly, enterprises are discovering that the Perspecsys AppProtex Cloud Data Control Gateway eliminates the compliance and security challenges associated with data control and access when they adopt the cloud -- regardless of where the cloud provider's data centers are located. The gateway can deploy encryption or the strongest form of tokenization -- a technique particularly aligned with the requirements defined in data residency and sovereignty regulations -- to enable data stored and processed in the cloud to remain fully compliant while ensuring cloud application users to have full use of cloud functionality such as searching, sorting and reporting on sensitive information that has been protected -- that allows companies to retain absolute control over confidential data and intellectual property.