Snapshots from a recent Ovum survey make some important points about the adoption of cloud-based services. Over 77% of respondents, ranging across many different countries, state that their organization’s “regulated and sensitive” data will be present within cloud or SaaS-based applications by mid-2018. Ovum believes that part of the reason for this is that some organizations do not have the resources to apply the right protection to this data if it is held internally.
Regulated data is putting owners between a rock and hard place
The need to appropriately protect data is perceived as increasing, and rightly so, Ovum believes. Adding to the pressures arising from the many threats to information security that now face enterprises, those with data from European operations will soon have to face the consequences arising from the EU General Data Protection Regulation (GDPR). With existing and future business plans at risk, many cloud providers will soon have much to do in order to facilitate customers’ compliance with GDPR, but our survey leads to the conclusion that many of those customers probably view having to undertake such compliance efforts themselves as a less appealing alternative. Organizations indicate they have doubts that cloud/SaaS can definitely cover all protection requirements, but in many cases there is a willingness to commit nonetheless to a cloud-based approach, in light of the difficulties of resourcing an in-house program to cover all the bases necessary.
Indeed, far from being able to look ahead with confidence, a fair proportion of survey respondents worryingly do not even currently have in place some of the protection measures that we would see as basic. With EU GDPR likely to be high on executives’ agendas due to a window of only two years to attain compliance after its likely transition into legislation later in 2015, organizations with such a gap in protection capabilities to make up might well trust that the cloud provider sector will do a better job of facing up to its own shortfall in technology (itself a very real one) than they themselves can manage. We believe that this particularly applies to end-user organizations of a lesser scale, because the necessary investment would be proportionally greater in their cases.
Ovum would caution that this approach might well be expedient, but not without risk, and we will provide more analysis soon to prove this point.
Office 365: Trust, Security, and Compliance, IT0021-000083 (May 2015)
2015 Trends to Watch: Security,IT0022-000172 (October 2014)
Alan Rodger, Senior Analyst, Enterprise ICT Management