Business leaders ignore responsibility for data in the cloud

Eighty-eight per cent of business leaders in the UK believe that they relinquish responsibility for data security when it is stored in the cloud, according to new research from storage and information management company Iron Mountain. Despite the fact that EU law places accountability for lost or compromised data firmly in the hands of the owner, three quarters (76 per cent) think that any threat to their data would cause greater reputational damage to their service provider than to their own company.

The study shows that business leaders are convinced that they take a responsible approach to cloud storage, with 88 per cent of those surveyed saying they exercise due diligence when it comes to choosing cloud storage suppliers. However, with a fifth (19 per cent) of respondents looking to implement a cloud-only storage model for all their data, the lack of understanding around issues of accountability and risk could leave firms financially and operationally exposed if data is lost or compromised.

The Iron Mountain study questioned IT, finance and legal decision makers in mid-to-large businesses across the UK, Spain, France, Germany, the Netherlands and Hungary. It found that cloud-based data storage is an immensely popular option for firms, with 86 per cent of UK business managers surveyed saying they had moved or planned to move data to the cloud in the next 12 months.

“Businesses need to understand and accept responsibility for their information, wherever it resides,” comments Christian Toon, head of information security for Iron Mountain Europe. “Cloud storage is attractive in terms of flexibility, access and cost-effectiveness. However, it does not replace the need for a comprehensive archive and backup strategy. Companies would be better advised to take an approach that combines the benefits of cloud and the offline protection of magnetic tape technology.”

Iron Mountain has prepared a seven-point check list to help firms reduce risk when information is moved to the cloud:
· Find out exactly where your data will be stored, who has access to it and whether it will or could be moved. This is vital for ensuring data security and integrity. Some data, for example HR records, cannot legally be moved across international boundaries.
· Consider the physical and IT infrastructure of your provider’s data centre. How secure is the building? Where does the provider source IT equipment such as servers and cables? Equipment can arrive infected with malware or otherwise compromised and this could pose significant implications for all hosted data.
· Don’t forget the people. You need to trust the people who handle your information. Does your cloud provider have a rigorous vetting processes and security training in place for all employees?
· Look for evidence of business continuity planning. Will your data be safe if something goes wrong? Does the provider have service recovery measures in place such as failover and redundancy, or back-up generators to minimise the impact of power failure?
· Size matters. How much data are you trying to store? Attempting large-scale restoration from the cloud can be problematic. Moving information to and from the cloud requires large bandwidth. You’re better off restoring from tape if you are working with volumes in excess of 20GB.
· Don’t put all your eggs in one basket. Depending on a single solution may mean that your back-up fails when you need it most. Build a tiered-approach that combines cloud, tape and disk storage so that you are prepared for any eventuality.
· Safeguard sensitive information. The cloud may not be the best option for storing highly sensitive, unique or legally restricted data such as intellectual property, HR records or financial plans. These information types might be safer if stored in hard copy or on back-up tape or disk.