UK businesses are being urged to conduct proper due diligence on their cloud storage and backup providers, or run the risk of falling foul of data protection regulations. Research by the business has found that 70% of Cloud Backup providers do not reveal which country, general locality or legal jurisdiction customer data is stored within.
With daily cyber crime and cyber espionage having escalated by 24% in 2012, businesses need to be confident they know exactly where customer or employee data is physically being kept. If this is not the case companies could risk breaking the Data Protection Act 1998.
The law specifically states that companies need to keep information secure and that data should not be transferred to countries outside the European Economic Area unless it is adequately protected.
The Information Commissioners Office (ICO) has clearly shown it is now prepared to fine any organisation not taking these data protection responsibilities seriously after issuing fines totalling £1.8m for data security breaches over the last year – up from £431,000 in the previous year.
Cloud storage has provided businesses with viable and economical solutions to the challenges of huge data growth and unlocked access to offsite disaster recovery facilities.
However, it may suit a data centre company to store data in countries where costs may be lower but research by the Business Software Alliance (BSA) has shown many countries do not have the same regulatory governance in place as the UK in regards to data protection.
The BSA’s Global Cloud Computing Scorecard ranks many of the major growth economies such as India, Brazil and China particularly poorly in comparison to the UK, which is ranked sixth in the world.
Icomm Technologies, Ian Callens, said: “Companies need to ensure they know where business critical data is being held to avoid the risk of cyber espionage, crime, illegal copying, sharing and selling of their data to third parties. Exposure could yield fines.
“Our research has shown the frightening scale of cloud backup providers that are not forthcoming in sharing even basic geography of where data is stored. This suggests most users of cloud backup aren’t concerned or even asking the question of data location as part of their due diligence.
“Equally, it suggests many providers are hood-winking customers by not proactively revealing where data is located and many are operating under the false perception that their data is protected under UK jurisdiction when, in fact, it isn’t.”
Research firm IDC has also urged CIOs to ensure due diligence is conducted when selecting a cloud service provider, having found 30% of suppliers currently in the cloud market will be out of business by 2015.