A Microsoft commissioned research in Denmark, Finland, Germany, Norway, Sweden and the United States reveals that data protection policies and practices of cloud providers are figuring prominently in U.S. SMBs' cloud-purchasing decisions.
Among the survey's noteworthy findings which involved, "Seven hundred and sixty-nine privacy professionals in the U.S. with an average of 11 years working in IT, compliance, data security, risk management and privacy fields":
- "65 percent of U.S. SMBs surveyed say cloud computing is "important" or "essential" for their organization today, and 81 percent say it will be two years from now.
- 59 percent said the privacy policies of cloud vendors impact their selection of cloud-service providers," Microsoft informs.
"The cloud policies and practices that SMBs care about most include transparency about location of data, segregation of data between customers, and commitments not to mine cloud data for advertising," Microsoft posted.
The research shows that SMBs expect potential cloud providers to prove their commitment to privacy in several different ways:
- "51 percent insist on proof of compliance.
- 43 percent require the completion of a self-assessment checklist.
- 59 percent seek privacy provisions at the contract negotiation and legal review stages."
"This desire for transparency from our customers is one reason we created resources such as the Microsoft Office 365 Trust Center to clearly explain our cloud privacy, security and compliance commitment," said Brendon Lynch, chief privacy officer, Microsoft Trustworthy Computing.
The CSA considers clear service-level agreements, proof of compliance and self-assessment checklists as best practices for conscientious cloud providers. To this end, the CSA created the Security, Trust & Assurance Registry (STAR) to help businesses assess cloud providers' security and privacy capabilities.
"The STAR is a free, publicly accessible registry that documents the security controls provided by various cloud-computing offerings, thereby helping businesses assess the security of cloud providers."