IDC figures and EU regulations point towards an increased need for vendor transparency

Cloud Services Providers (CSP) should be prepared to bare all in order to help foster the upward trend of cloud adoption.

  • Wednesday, 23rd July 2014 Posted 10 years ago in by Phil Alsop

Recent data from the International Data Corporation (IDC), which reveals that worldwide public cloud revenue reached £26.7 billion in 2013, is a good indication that cloud computing has reached mainstream technology adoption, and will continue to grow over the next few years.


However, recent reports that European ministers are looking into common rules for data protection mean CSPs are likely to be examined closely to determine how they handle the transfer of data through Europe – and the rest of the world. If poor processes are found to be in place, then the potential for restrictive regulation could slow adoption and innovation. CSPs across the market should take steps to make services transparent and to have relevant accreditations in place, advises UK-based Outsourcery.


Barry Holder, Information Security and Compliance Manager at Outsourcery explains: “IDC has recently predicted that the cloud computing market will increase by 23 per cent by 2018, and while we agree that there is likely to be an increase in the adoption of cloud services, CSPs must be in a position to show exactly how and where the data of their clients is handled and stored if they are to capture part of this growing market. This should already be a priority, but with the EU beginning to examine processes involving the transfer of data and the UK Government looking to pass the Data Retention and Investigatory Powers Bill it may be something that CSPs, and consequently end-users, could be impacted by if new legislation or regulations are announced.”


Holder continues: “In light of this, it is more important now than ever before for CSPs to make their services transparent and to make sure they are certified against the relevant industry accreditations. The Cloud Industry Forum’s (CIF) Code of Practice is one example of a certification that enables CSPs to demonstrate that they meet specified standards around transparency, accountability and capability, whilst also giving CSPs benchmark best practices for how they should be handling information. The ISO 27001 standard is also an excellent foundation for CSPs looking to understand the data they hold and implement the relevant Information Security controls.


“The way data is handled in both private and public cloud is up for scrutiny so all CSPs, whatever they offer, need to be in a position to continue pushing forward the market by doing their bit, and not risk holding it back. This will ensure CSPs are in the best possible place to take advantage of the systemic market shift towards cloud demonstrated by the IDC’s latest research”, Holder concludes.