Attracted by the opportunity to improve efficiency while cutting IT costs, SMBs are adopting cloud computing, yet they continue to express concerns about privacy in the cloud, according to Microsoft. Consequently, data protection policies and practices of cloud providers are figuring prominently in U.S. SMBs’ cloud-purchasing decisions.
Among the survey’s noteworthy findings:
- 65 percent of U.S. SMBs surveyed say cloud computing is “important” or “essential” for their organization today, and 81 percent say it will be two years from now.
- 59 percent said the privacy policies of cloud vendors impact their selection of cloud-service providers.
- The cloud policies and practices that SMBs care about most include transparency about location of data, segregation of data between customers, and commitments not to mine cloud data for advertising.
“Not long ago, the IT industry wondered if privacy concerns would prevent small and midsize companies from moving to the cloud. Our research indicates that is not the case,” said Brendon Lynch, chief privacy officer, Microsoft Trustworthy Computing. “Instead, SMBs are expressing their interest in data protection by using it as a way to evaluate potential cloud providers. This desire for transparency from our customers is one reason we created resources such as the Microsoft Office 365 Trust Center to clearly explain our cloud privacy, security and compliance commitment.”
The research shows that SMBs expect potential cloud providers to prove their commitment to privacy in several different ways:
- 51 percent insist on proof of compliance.
- 43 percent require the completion of a self-assessment checklist.
- 59 percent seek privacy provisions at the contract negotiation and legal review stages.
“It’s encouraging to hear SMBs asking the right questions of cloud providers,” said Jim Reavis, executive director, Cloud Security Alliance (CSA). “The CSA considers clear service-level agreements, proof of compliance and self-assessment checklists as best practices for conscientious cloud providers.”
Seven hundred and sixty-nine privacy professionals in the U.S. with an average of 11 years working in IT, compliance, data security, risk management and privacy fields took part in the study, which was commissioned by Microsoft and conducted by The Ponemon Institute in April and May. Respondents were not screened according to which products or services they used, or aware of Microsoft’s involvement in the study.