There is a dire need to restore confidence in cloud services

SME’s across the globe will spend over £6.7 billion moving their data and applications into the cloud in 2011 alone, and that figure is predicted to rise by 12% annually, for the next three years, according to TechAisle.

In the US, TechAisle predicts that 1 in 4 small-business employees will soon switch to cloud-based services.The cost-saving commercial benefits of storing data and applications without the need for hardware or software on a pay-as-you-go basis are potentially huge.

The environmental benefits could be even greater, as revealed in an Accenture study which found that remote data storage can reduce personal energy bills to small businesses by as much as 90%.

And it isn’t just private-sector monoliths like Google and Amazon that have discovered the benefits cloud-storage brings in terms of greater user empowerment. Even the NHS is now trialling a cloud-based service, which will enable patients to control, access and update medical records in real-time.

Yet, as increasing amounts of corporate information is moved into the remote realm of “the cloud”, accessible and alterable in real-time from any location, many UK and European SME’s and Governments fear the resulting loss of control and the potential for catastrophic data breaches.

We live in an age where people work remotely, to be able to work remotely they need access to sensitive information. This information is held on portable devices which, in many cases, do not have adequate protection against device loss and data is unprotected, which extend the risk of data breaches outside the workplace.

Digital Microtrends found that 60% of C-level executives, polled across the Eurozone, are concerned about the security of data stored across mobile devices.

Recent cloud-related security incidents have served to confirm these fears, demonstrating the capacity for data theft to wreak devastating effects on reputations, shattering public trust in public institutions, and harming shareholder and customer confidence in some of the world’s biggest brands.

Nationwide and the Bank of America were left compromised by the exposure of sensitive customer information on stolen laptops, while BP recently reported the loss of a laptop containing the SSN’s of thousands of Gulf of Mexico oil-spill victims.

The NHS has launched an investigation into the loss of a laptop containing eight million patients’ medical records, illustrating the potential effect of data breaches on public trust in Government. And insurance giant Zurich International was hit with a record £2.2 million FSA fine following a data breach affecting 46,000 holders.

In a humiliating twist, it emerged that the Financial Services Authority had itself fallen victim to the loss of 41 laptops and Blackberry’s containing sensitive documents and emails.

A recent Informatica study found 39% of financial companies had experienced data loss or theft. The urgent and growing need for data protection solutions across the channel, has been exacerbated by recent regulatory changes with potentially dire consequences for victims of data theft.

EU rules now compel all companies to reveal data breaches to consumers, while the FSA has levied heavy fines on Nationwide, HSBC and Zurich International for data loss, and the ICO is now equipped with the power to impose £500,000 fines in response to data breaches.

Many UK and European SME’s who would otherwise switch to cloud-based services, are deterred by the fear that security risks outweigh the benefits. So, data held in the cloud must be encrypted to a high standard (AES 256k) – the customer must have the capability to hold the key to that data and that key must be held securely.

With the potential cost-saving benefits of cloud-computing rendered ever more prescient by the eurozone crisis and economic downturn, there is a dire need in the channel for security solutions to restore confidence in cloud services.

In addition, customers must be offered solutions which incorporate PAYG pricing – and the costs of the service must take advantage of the cost savings from cloud technology and that cost saving be passed to the customer.

A joint study by Echelon One and Venafi revealed some frightening indicators of the current lack of any safeguards or recovery plans. The majority of global companies (64%) fail to encrypt any of their cloud data or transactions which will increase the potential of a data breach.

Yet, when allied with the right security technology, cloud-computing provides a golden opportunity for data security, which is currently being missed. Devices which are lost or stolen and that have data stored in the cloud can be restored when the devices go missing.

Even more crucially, in a world of mobile consumer data devices where sensitive corporate information is scattered around myriad moving endpoints, thus multiplying the risks, encryption techniques are necessary to ensure that the data ‘at rest’ on the device is secure as well as having the ability to remotely delete through command or policy set by the organisation.

The ambition is to transform the world of mobile data storage from a security nightmare into a business asset, giving organisations unprecedented control over sensitive information.

The national and corporate security disasters that could have been averted with cloud-based end point protection solutions are endless. When the MOD recently had 340 laptops lost or stolen, they could simply have deleted the files by remote control and recovered the critical data from the cloud.

A full backup would have provided them a necessary audit of what actual files and information existed on the laptops at the time they disappeared. In addition, providing them with a method of retrieving this information to a new device.

Many European companies and public-sector bodies are hugely cautious over cloud-computing, and refuse to store critical information in servers outside their own regional confines. Some will not operate the datacentre outside their own premises.

The challenge is to enable European and UK firms to utilise the benefits of cloud-based services by adapting security solutions to their needs, if these needs require the data to be held regionally then that can be achieved.

End point protection must be adopted by the European mass-market, it will revolutionise the perception of cloud-computing, transforming the world of mobile data storage and secure access and secure storage from a security nightmare, into a great opportunity for businesses to gain control over all their remote sensitive information.

The stakes are high; revolutionising the European outlook on cloud-computing, could enable European SME’s to catch up with their US counterparts in the switch to cost-saving and hyper-efficient cloud services, expanding the market for cloud-security solutions across both continents.

Phil Evans is VP at Datacastle. He has over 20 years of combined sales and business development experience in both North America and Europe. Phil was responsible for setting up the EMEA sales operations for EVault prior to Seagate's acquisition and the creation of i365 and held numerous positions at i365 including Director of Business Development (EMEA) and as VP of Sales for Northern Europe. Phil also served as a Director at a UK storage management company and established the European operations of Professional Services in EMEA for Legato Systems.