SMBs to cloud storage…promise promise??? In the second annual global survey by Thales and Ponemon Institute, researchers examined small businesses’ attitude towards data protection and encryption in the cloud. Businesses, both big and small, are starting to use of cloud services for handling sensitive information in hoards. The verdict: the majority of small businesses transfer sensitive or confidential data to the cloud and that same majority believe the cloud provider has primary responsibility for protecting that data.

Here is a full rundown of the key findings:

Trust is a lot higher than you might have thought.

• More than half of all respondents say their organization currently transfers sensitive or confidential data to the cloud – an increase of about 10 percent compared with last year’s study.
• More than twice as many respondents say use of the cloud has decreased their security posture (35 percent) than say it has increased (15 percent), but this is an improvement on last year where nearly four times as many respondents said that cloud adoption had decreased their security posture (39 percent) while only 10 per cent said it had increased. The greatest sense of improvement was seen in both the UK and Brazil.

These stats support our own reporting that small businesses are not only adopting cloud storage, but are slowly feeling more confident in their trust of the cloud. The enterprise cloud storage space will likely double over the course of the next 12 months. There many options for the SMB CIO, but the cloud is proving to be the best long-term option.

The responsibility lies with…

• More than 60 percent of respondents whose organizations currently transfer sensitive or confidential data to the cloud believe the cloud provider has primary responsibility for protecting that data and 22 percent believed the cloud consumer to be responsible. However, the pattern is reversed for users of an Infrastructure-as-a-Service (IaaS) cloud offering.
• There was a marked increase in confidence among respondents in the ability of cloud providers to protect the sensitive and confidential data entrusted to them – up from 41 percent (2011) to 56 percent (2012).
• However just over half of respondents say they don’t know what their cloud provider actually does to protect their data – and only 30 percent say they do know. This is an improvement on last year where 62 percent of respondents said they didn’t know what measures their cloud provider took to protect their data.
• Excluding network level encryption tools such as SSL, on a global basis the use of encryption to protect data before it goes to the cloud is 33 percent higher than the use of encryption within the cloud itself. When encryption is applied inside the cloud it is more than a third more common in Software-as-a-Service (SaaS) offerings than other service types however regional variation is considerable.

There’s a plethora of cloud service + storage providers vying for the SMB market. Cloud storage is still in its infancy so the “who” in the “who is responsible for security of the sensitive data” is getting passed around like a recess game of hot potato. Let me be clear too, the cloud is inherently less safe. But the fact remains, it’s where storage is going, so security is feverishly playing catch-up.

Who manages what?

• When it comes to key management there is still no clear picture. In most cases the respondents report that their own organizations look after their own keys however this has declined from the previous year (36 percent and 29 percent respectively) and there is an apparent shift to key management being perceived to be a shared responsibility between cloud user and cloud provider.
• This might point to the growing interest in key management standards – in particular OASIS Key Management Interoperability Protocol (KMIP) – where cloud encryption was identified as the most valuable usage scenario for the new protocol.

The cloud is driving new business models in the enterprise, forcing IT departments and service providers to rethink management standards and protocol. Take for example Centrify Corporation and Dropbox’s partnership to enable secure access for Dropbox for Business. Jack Sepple, Senior Managing Partner, Accenture Cloud, recently said on #theCUBE, “We see every business becoming a digital business.” The standardization of security protocols for the cloud will be a big win for SMBs.

The data center of the future will have to be smarter and more efficient, minimizing management and points of access. Machine to machine communication is a key cog in the small business cloud storage conversation. The shift, which feels more like a double black diamond than a blue diamond requires a bit of explicit “trust” for a small business….is one where SMBs are trying not to get out in front over its skies. We’re at a crossroads that no one saw coming, and it might be a five or six-way stop for small businesses: business management, marketing, security, storage, software, services.