UK cloud security savvy ahead of pack say auditors

UK companies have taken more steps to alleviate cloud security risks than firms globally, according to audit and consultancy firm Ernst & Young.

Just under 80 per cent of UK organisations now use cloud computing services, and 57 per cent have implemented cloud security measures, Ernst & Young said in a statement on Monday.

Nevertheless, a significant minority of UK companies – 20 per cent – have not put cloud security measures in place, according to a report by the auditors. Possible mitigations include stronger oversight of the contract management process for cloud service providers, use of encryption techniques, and stronger identity and access management controls, said Ernst & Young.

Globally, the UK is further along the road of cloud adoption and mitigation than other countries. Overall, 59 per cent of global respondents use or plan to use the cloud, and 38 per cent have not addressed cloud risks, according to Ernst & Young's Global Information Security Survey 2012.

However, UK organisations face a number of information security challenges - 88 per cent reported an increase in attacks over the past two years.

In addition, UK firms have concentrated on short-term fixes for security problems, rather than looking at overall threats, due to a lack of people with specialist security skills, said Ernst & Young.

"Since the late 1990's the number of UK-born graduates studying mathematics and science degrees has fallen by almost 70 per cent," said Ernst & Young director of information security Mark Brown.

"This has lead to an increasing shortage in relevant skills and has put the UK's efforts to tackle growing cyber security risks on the back foot. Encouraging the workforce of the future to seek a career in IT and information security is key to a sustainable solution."

Sign up to our newsletters