Cloud computing needs British Kitemark equivalent

Cloud service validation is currently "exceptionally difficult"

Cloud computing has no established rules

The problem with cloud services is that there is no British Kitemark establishing rules around data storage, meaning companies have to establish their own private risk analysis, according to Ron Brown, director of cloud computing services at Mitsubishi UFJ Securities.

Brown, who was speaking at a session entitled In Cloud We Trust at the Cloud Computing World Forum at Olympia Conference Centre in London, went on to say that trying to validate cloud services was exceptionally difficult.

He said that cloud providers are reluctant to give audit details of their storage set-up partly because of the proprietary nature of their product – meaning they would be reluctant to give away commercial details, and perhaps because they are scared of showing that they are not taking proper precautions.

Speaking on the same panel discussion, Iain Bourne, head of data protection projects at the ICO, said end users need to be presented with dos and don'ts around security and cloud computing. He said: “We will prosecute companies that don’t secure their data properly. This has the extraordinary effect of focusing the minds of CIOs.”

When asked what suggestions they would make to the industry around cloud and security, Bourne said: “We need a good set of contractual rules around the provision and purchasing of cloud services. They would detail what is happening to the information and where it is being kept.”