A recent global study commissioned by NTT Com Security (formerly Integralis) has shown that adoption of cloud computing in the UK is slower than in most other countries. The principal reason behind this reluctance is fear over data protection and compliance issues.
Privacy is certainly a hot topic and discussions around data protection legislation and regulation continue as the UK awaits finalisation and passing of the new EU Data Protection Regulation, which will replace the 1995 EC Data Protection Directive. A single, unified law for EU members seems sensible, but obviously when multiple parties are involved the process can take longer. These protracted conversations are being reflected in the slow uptake of cloud services across UK enterprises. It has been reported that the UK is purposefully obstructing the reforms, which include legislation that would limit the ability of surveillance agencies to access online data. It is also thought that Parliament is anxious of such a power transfer between the UK and Brussels.
The global average for non-adopters is 14% while in the UK this figure is currently 22%, and a staggering 30% of respondents reported that their business never intend to make the transition. The concern is that the UK may start to fall behind other countries, which could put it at a business disadvantage when compared to countries that are embracing the technology, such as the USA and Canada. Hopefully this growth barrier will shrink once the new legislation is agreed, but the research does at least show cloud service providers and their regulators that investor relations marketing is a key area they need to concentrate on in order to gain increased buy-in from UK enterprises.
What steps can cloud service providers take to reassure UK enterprises and aid investment in the technology?
1. Risk Assessment
Security and compliance are among the top concerns among adopters and non-adopters alike. Providers must be familiar with the legislation for each country and categorise data accordingly. Completing regular risk assessments to identify any potential vulnerabilities will aid compliance and security requirements.
2. Crisis Management
Even with regular risk assessments it is still possible that providers may encounter outages and security breaches. A structured contingency plan to counter any such issues will ensure cloud hosting companies can handle crises quickly and efficiently, and with minimal disruption to service. The plan should be reviewed on a regular basis to ensure it is optimised for relevancy and effectiveness.
Transparency is a key element of instilling confidence in both new and existing customers, and indicates that security and data protection are factors of paramount importance to the provider. In addition to compliance with internal and external regulations, providers must also supply evidence of that compliance to regulating bodies and auditors.
There is little doubt that cloud computing can bring great benefit to enterprises across multiple sectors. The sooner an agreement is reached in Brussels, the better it will be for cloud service providers to increase that lagging uptake across the UK.