A third of IT security professionals do not keep corporate data in the cloud because of fears of government snooping, a survey has revealed.
Most of those concerned about government surveillance prefer to store sensitive corporate data in their own networks, according to the survey by privileged identity management firm Lieberman Software.
The survey, which was carried out at RSA Conference 2014 in San Francisco, looked at the attitudes of nearly 280 IT security professionals towards cloud security.
It found that cloud applications are also creating problems for IT security professionals, with 75% of respondents indicating that they cause security headaches for IT departments.
“IT managers are aware there is very limited data privacy in cloud environments and they therefore prefer to keep their most sensitive assets on their premises,” said Philip Lieberman, chief of Lieberman Software.
“Another issue is legislation in the cloud and the fact that IT executives do not want governments probing into their corporate data. If a government or official body wants to see what data a company is holding, the cloud host involved is legally obliged to provide them access,” he said.
But John Howie, chief operating officer of the Cloud Security Alliance, pointed out that governments have the same authority to access on-premise data as they do to access data in the cloud.
More on cloud security
“If a government wants access to data and it is stored on-premise, they will simply go to the organisation concerned instead of the cloud service provider,” he told Computer Weekly.
Despite concerns about government snooping in the wake of revelations by whistleblower Edward Snowden, the survey also found that trust in the cloud has increased by 15% in the past year.
In the same survey conducted in 2012, 48% of respondents were discouraged from using the cloud because of fear of government snooping, while 86% preferred to keep more sensitive data on their own premises.
Calum MacLeod, vice-president, Europe, for Lieberman Software, said government surveillance has been around for a long time and should not be a concern for law-abiding individuals.
“Security professionals realise that the major cloud service providers offer very comprehensive security and ultimately their willingness to invest in technology to protect their clients probably offers a more secure environment than offshoring companies,” he said.
Howie said cloud providers typically make huge investments in security, enabling them to offer a level of data protection that few companies can match on-premise.
However, he said, when choosing a cloud provider, companies need to ensure the one they choose is implementing security in a way that meets the client company’s compliance obligations.