It seems that the United Kingdom (UK) is a little slow in joining the cloud party. Research shows it lagging behind the rest of the world in terms of cloud adoption, largely due to fears over data protection. This is not surprising given that the UK, and the entire European Union for that matter, take data privacy very seriously.
With the Edward Snowden revelations still fresh on our minds, it’s also not surprising that several European leaders have called for the US to fix problems they have identified in the EU-US Safe Harbor agreement, which allows US companies that self-certify compliance to specific security principles to transfer personal data from the EU to US.
What is a bit shocking is that data privacy concerns in the UK do not necessarily equate better data security. In fact, many European companies don’t seem to take data security quite as seriously as would be expected. The lack of urgency with which UK firms, in particular, address data protection is even deemed alarming in a study by the country’s Department for Business, Innovation and Skills.
Cyber-risks Low on UK Priority List
The study shows that only 14 percent of the FTSE 350 (the share index of the top 350 companies listed on the London Stock Exchange) actively monitor cyber-risks and plan for how they’ll deal with security breaches. The results were similar in research conducted by Vanson Bourne on behalf of BT Security, in which 500 IT leaders in the UK, US, France, Germany, Brazil, Hong Kong and Singapore were surveyed. Among the UK respondents, only 17 percent cited cyber security among their top priorities compared to 41 percent in the US.
Maybe UK executives just don’t understand IT security. In the study cited above, respondents reported that IT security training was only provided to 37 percent of UK executives compared to 86 percent of US executives. Perhaps the founder of Simplexo, a UK-based technology company, nailed it in a press release his company distributed when he cited arrogance as one of the primary reasons so many UK companies are reticent to make cybersecurity a priority.
Or maybe it’s simply a matter of the UK underestimating cyber-threats ─ or the US overestimating them. With the Target breach still be top-of-mind, the latter is unlikely. And let’s face it. The UK has not exactly been immune to cyber-attacks. Just recently, 2,000 customers of Tesco, the UK’s largest supermarket, had their personal information posted online thanks to hackers. In 2012-2013, the Information Commissioner’s Office (ICO) issued 20 monetary penalties for breaches totaling £2.6 million, a significant increase from £791,000 assessed nine organizations the previous year.
Security Awaits in US Cloud Services
So what will it take to get UK companies to take their own data security as seriously as they take international data privacy ─ and for more of them to take advantage of the many benefits that cloud computing offers?
Looking at US-based cloud services providers (CSPs) may be a good place to start. Granted, NSA snooping has made many non-US companies hesitant to put their trust in US-based CSPs and data centers. But US CSPs don’t want to lose out on prospective business. With cloud adoption numbers still low in the UK, there’s a lot of prospective business to lose. That means many US CSPs are going to up their security measures in an attempt to win the trust and business of non-US companies, as well as keep current US and non-US companies happy. With the media laser-focused on the issue of data privacy, few CSPs will dare to cut corners. Those that do won’t survive the scrutiny of non-US or US-based prospects.
More US CSPs will also be undergoing audits to demonstrate their compliance with various regulatory requirements and legislative acts, most of which require adherence to rigorous security and privacy standards ─ HIPAA and PCI, among them. The best companies for non-US firms to consider will be those that have successfully served customers with high-level security and privacy needs: healthcare organizations, financial services organizations, companies that handle credit card information, insurance companies, government and military departments, to name a few.
In addition, the US is home to some of the top IT security companies, boasting leading-edge technologies. Smart CSPs are partnering with these firms to ensure that they have access to the latest and greatest in order to provide optimal data security and privacy to their customers.
For UK companies that haven’t fully embraced the importance for data security, partnering with US CSPs may be a big help too. In addition to protecting their data in the cloud, many of the UK companies will also be able to take advantage of managed security and consulting services offered by reputable US-based CSPs, so they can implement or augment their own IT security measures.
As far as government-sponsored data snooping, American companies don’t like it either and will be doing their part to reduce the potential for any more of it. After all, the US does like its’ privacy rights. Our Fourth Amendment says so.