Security has take another knock as a prime barrier to the adoption of cloud computing.
A survey commissioned by Microsoft (whose involvement was not revealed to the respondees) found that small to medium-sized businesses might gain a fair amount from adopting cloud computing. The survey, conducted with organisations in Hong Kong, India, Malaysia, Singapore and the USA, reckoned that most organisations viewed a move to the cloud as positive - but that they saw the cloud provider as responsible for the security of their information.
The company said: "32 percent say they spend less time worrying about the threat of cyberattacks. U.S. SMBs using the cloud also spend 32 percent less time each week managing security than companies not using the cloud. They are also five times more likely to have reduced what they spend on managing security as a percentage of overall IT budget."
A Microsoft blogger on the company's Trustworthy Computing site said that results from more surveys held in different geographies was due soon.
There's a number of questions here, not least of which is what the respondents assumed was the meaning of security. Did they mean backups and disaster recovery, which many small organisations might rightly view as security, or do we mean what the security industry means, ie freedom from attack by unauthorised individuals and software? I suspect the latter but there may be room for doubt.
However, this also raises the question of who is responsible for their data. Contrary to respondees' assumptions, a cloud provider will only secure your data if you pay for that service, and it's unlikely that an SMB would do so unknowingly.
That said, I'm somewhat sceptical these days, given the numbers of SMBs using cloud services -- they've been much faster than larger organisations in doing so -- whether data security is as big an issue for SMBs as many assume. Experience teaches us that convenience and cost trump security every time, so offloading to the cloud is more likely to be seen as a cost benefit to cash-strapped SMBs than a security risk.
I'd further hazard a guess that many small businesses are more likely to assume, incorrectly, that their data is not important enough to warrant an attack, a view stemming from a misunderstanding of the nature of the threats out there.
It'll be interesting to see the results of surveys from other areas but, in times of economic turmoil, I suspect they won't be very different.