Almost three quarters (72%) of European businesses accuse cloud service providers of failing to comply with data protection regulations.
The research carried out by the Ponemon Institute for cloud services supplier Netskope revealed that over a half of respondents (53%) believe data breaches are more likely as a result of increased cloud computing. Respondents said they think cloud use triples the likelihood of breaches. Over 1,000 IT and IT security practitioners across Europe were questioned for the study.
It revealed that European organisations were better at securing cloud-based data and apps, with 52% rating their organisation's effectiveness as high. In contrast, the study revealed that only 26% of US respondents believed their organisation was highly effective at securing data and apps in the cloud.
A total of 84% of European businesses doubt that their cloud suppliers would tell them immediately if their intellectual property or business confidential information were breached; and 77% said their cloud providers would not notify their organisation immediately if they had a data breach involving the loss or theft of customer data.
Read more about cloud:
Mark Lewis, outsourcing lawyer at Berwin Leighton Paisner, said that, if these figures were accurate, businesses are being reckless. “If that is what the respondents think, they are culpable,” he said.
Larry Ponemon, founder of Ponemon Institute, said data protection laws and regulations were increasingly coming under the spotlight, particularly in Europe. “I suspect that the low vote of confidence in cloud vendors we’re seeing is due to this heightened scrutiny and a fear of the unknown," he said.
"Overcoming this takes a better understanding of a supplier’s security precautions and how people are using the cloud in the first place. Businesses that demand more supplier transparency and seek efficient methods for evaluating apps and directing usage will find it easier to embrace the cloud and move past this period of uncertainty.”
Proposed EU data protection regulation
A recent study of more than 7,000 cloud services, by security provider Skyhigh Networks, revealed that most cloud providers have not prepared for the proposed European Union (EU) General Data Protection Regulation. The European Commission (EC) plans to replace the EU Data Protection Directive, adopted in 1995, with the regulation, although the timing and final wording remain uncertain.
Only one out of 100 cloud service providers said they are ready for the directive, intended to succeed the older directive to suit the needs of the internet and cloud era. EC commentators predict the overhauled EU data protection regulation will require data controllers (the organisations that own the data), and data processors (such as cloud providers and datacentre hosting companies), to share liability for data breaches and violations of the data protection law. The proposed EU regulation will apply to European businesses that process personal data and businesses outside the EU that monitor EU citizens or process personal data obtained from offering goods or services to EU citizens.