SMBs careful to gauge privacy when selecting cloud providers

23 juillet 2012

Cloud computing continues to gain traction in small and medium-sized businesses (SMBs) for efficiency and cost-cutting reasons, but something else is on companies' minds when selecting a provider: privacy.

According to a study from Microsoft, 59 percent of SMBs select their vendors at least partly on the basis of their privacy and data protection policies. These two issues are sprinkled throughout the policies and practices that SMBs care most about, including location, transparency and data security in cloud computing. Also included were concerns about keeping data separate from other customers and out of the hands of advertisers.

"Not long ago, the IT industry wondered if privacy concerns would prevent [SMBs] from moving to the cloud," Microsoft Trustworthy Computing chief privacy officer Brendon Lynch said. "Instead, SMBs are expressing their interest in data protection by using it as a way to evaluate potential cloud providers."

Keeping compliant
One of the strongest motivators forcing companies to double and triple check that such requirements are met is the necessity of compliance. Another study from nCircle found that 80 percent of respondents across the IT security community are more likely to use a cloud provider that is compliant with the data protection standards of their industry than one that is not.

Depending on the industry, different regulations move to the forefront. However, the Federal Information Security Management Act (FISMA), Payment Card Industry (PCI) standards and Sarbanes-Oxley Act (SOX) were highlighted as the most important regulations to be compliant with when looking for a provider.

SMBs were just as reliant on compliance, as Microsoft found that 51 percent would insist on proof of compliance before joining up with a provider.

Increasingly important
Companies' vocal concerns about compliance requirements indicate that businesses value a secure provider, and are willing to do the leg work to ensure that all questions are answered. In the past, many companies - SMBs in particular - using cloud services blindly trusted their provider to manage security protocols.

In fact, 43 percent of SMBs require potential providers to complete a self-assessment, with nearly 60 percent insisting on the inclusion of privacy provisions when they negotiate contracts with providers.

Sixty-five percent of SMBs now consider cloud computing an important or essential part of their business, according to the Microsoft study. Within the next two years, that number is anticipated to rise to 81 percent of organizations.

-McAfee Cloud Security