Govt snooping fears deter cloud adoption

IT experts are deterred from keeping sensitive data in the cloud because of fear of government intervention and possible legal action.

This is according to a new survey from Lieberman Software, released last week, which discovered that almost half of the experts have such concerns about cloud computing.

The survey, which looked at IT and cloud experts' attitudes to storing data in the cloud, revealed that government and legal interference puts 48% of respondents off from entering the cloud environment.

According to Lieberman Software, these figures highlight that IT managers are deterred from the cloud because they are unsure if their organisations' sensitive data is adequately protected and will, therefore, pass IT security audits or government regulatory checks, which hosted cloud environments are subjected to.

Commenting on the research, Philip Lieberman, president and CEO of Lieberman Software, says: "There are a number of reasons why IT experts might be apprehensive about storing corporate data in the cloud. However, in my opinion, the key issues are around government surveillance, cloud legislation and data security. IT managers fear they will put their data at risk by moving to a cloud provider as they are unsure they will keep the data properly protected, which could ultimately affect their jobs and their businesses.

"The other issue is around legislation in the cloud and the fact that IT managers do not want governments snooping around in their corporate data. If a government or official body wanted to see what data a company was holding in the cloud, the cloud host involved would be legally obliged to provide them with access. This means there is very limited privacy in cloud environments. IT managers know it is much easier to hide data within their own private networks."

According to Craig Albertson, head of cloud services at Accenture SA, some countries, like the US, which has laws such as the Patriot Act, can snoop on information they deem harmful to the nation.

Thus, he noted this can affect South African organisations that might be keeping their information beyond the borders, especially in countries with such legislation.

However, in SA, he noted there are very slim chances, if any, of the government snooping on information sitting in the cloud.

"Government's ability to snoop on the information is so low that this cannot be a limitation to trust in cloud computing. At the moment, I would say the South African government is more concerned about protecting its own information," Albertson says.

Mark Smissen, business development manager for Symantec.cloud, says it is important for organisations placing data in the cloud to consider the safety of that data.

"Without the correct safety measures in place, the data is at risk. So it is important for organisations to look very closely at the credibility of the vendor and the SLAs around the security of the data. There should be standard legal, data control and management procedures in place with the vendor to ensure the utmost security around customer data."

He notes these controls will ensure that only customers have access to their data, unless the customer agrees to provide access to a third party.

According to Smissen, organisations need to take a number of factors into consideration when they are planning a move to the cloud, as well as the legal implications. Security, availability and the ability to electronically discover the data is key among these considerations, he points out.

"As an example, one of the key reasons we see companies seeking out an archiving solution is to achieve better compliance. Any business looking at storing data in the cloud will need to ensure the maximum in security, access, compliance and control of that data. According to our Symantec State of Cloud Survey, 60% of organisations in SA are mindful about meeting compliance requirements in the cloud, while 59% are concerned about being able to prove they have met cloud compliance requirements."

Businesses need to carefully consider their cloud providers as a start, he also urges. "Is the provider reputable? Does the provider have the credibility and solutions that will help their business comply with existing regulatory frameworks and the legal requirements of the future?

"We recommend that businesses do their homework and look at whether or not the cloud vendor complies with the best practices around international security standards and compliance standards," Smissen concludes.