New research by the Cloud Industry Forum suggests SMEs are not getting the support they need to secure their cloud deployments.
A lack of transparency from cloud suppliers on their security practices and vendor lock-in resulting from restrictive contracts is leading many organisations to jeopardise the security of their data, according to managed cloud services provider, Memset. The warning follows recent research by the Cloud Industry Forum (CIF), which revealed that 60% of UK SMEs believe their security and regulatory solutions for cloud-based-services are not as good as they should be.
The research also showed that 51% of SMEs are concerned that their cloud partnerships do not ensure compliance with all global regulations. While concerns over cloud security have declined in recent years leading to widespread adoption, many customers remain uncertain whether their data is being properly protected by their partners.
For Memset, these figures lay bare the challenges that many businesses face when migrating to the cloud and the need for customers to be able to work with the right partners to meet their security needs.
Commenting on the findings, Chris Burden, Chief Commercial Officer at Memset, said: “The fact that 60% of organisations believe their cloud services should be more secure is alarming. This suggests that many are working with the wrong partners and find it challenging to migrate to better suited cloud services. There is lots of ambiguity in the cloud market, with vague and difficult to understand terminology dictating legal rights. This often leads customers to misunderstand what they are paying for and getting ‘locked-in’ to cloud services that do not meet their security requirements.
“Many organisations are sold cloud services with the misconception that their provider will be working ‘behind the scenes’ to ensure organisational security. This is often not the case, and end-user organisations need to secure absolute clarity from their cloud providers about how their data will be protected and know what questions to ask. The self-provisioning aspects of cloud complicate the picture further and make it increasingly challenging for IT teams to keep a firm grip on their data and where it resides. Security also often falls short when customers choose to work with the large, hyperscale cloud services providers without an intermediary, because the platforms are complicated and difficult to safely manage without the right in-house technical skills or experience.
Burden continued: “Greater transparency is needed in the cloud market to ensure customers understand their partners’ security practices, where this data is being held and who has access to it. Licensing contracts should be more flexible to enable customers to switch providers when necessary, in order to receive the best service and ensure confidence in security systems. This helps customers identify any vulnerabilities and seek new partnerships where necessary.
“Managed cloud services are better suited to many businesses as the vendor takes full responsibility for ensuring security. Working with a responsible and highly accredited provider of managed-cloud-services should ensure security and regulatory compliance, allowing customers to simplify their cloud systems and focus on their core business.”