Businesses are conducting more due diligence on cloud suppliers and demanding more localised storage of their data in the wake of reports about US surveillance activities, according to a new survey.

One in six businesses are also either delaying or cancelling cloud computing contracts in light of revelations about the alleged communications surveillance activities of the US National Security Agency (NSA), as leaked to the media by whistleblower Edward Snowden, according to the survey.

NTT Communications commissioned a survey of 1,000 IT decision makers from the UK, France, Germany, Hong Kong and the US earlier this year into attitudes to cloud computing post-Snowden. Of the respondents, 60% came from businesses with at least 1,000 employees from across the financial services, retail, manufacturing, professional services, IT and energy sectors.

"This report paints a picture of ICT decision-makers who wish to protect their company’s data even if it means delaying cloud computing projects that could deliver them much-needed flexibility and performance gains," NTT Communications said in its "NSA after-shocks" report (11-page / 761KB PDF). "[Businesses] want to guarantee the sovereignty of their data and reap the benefits of cloud computing. But they can only do so if they can specify exactly where and how their data is stored in the cloud."

Last summer former NSA contractor Edward Snowden began leaking details about the alleged scale and scope of the surveillance activities undertaken by the NSA. The information, which Snowden shared with the UK's Guardian newspaper among other global media outlets, has suggested that the NSA has had the capability to access data stored by some major US-based technology companies, including Google and Microsoft. The companies have denied giving 'back door' access to the information stored on their servers.

According to NTT Communications' report, 31 per cent of IT decision makers have decided to move their business data "to where they know it will be safe", following the Snowden coverage. More than half of the respondents (52 per cent) said their business was now conducting "greater due diligence on cloud providers than ever before".

"Keeping data in their own country was most important to German ICT decision-makers (32 per cent of respondents agreeing), followed by the UK (24 per cent) and France (23 per cent)," the report said. "By contrast, only 16 per cent of US respondents, and 17 per cent in Hong Kong took the same view."

More than a third of businesses (38 per cent) have also altered the procurement conditions they set when seeking a cloud provider following the Snowden revelations, according to the report, whilst 62 per cent of non-cloud users said that the leaks "have prevented them from moving their ICT into the cloud".

The survey also revealed raised concerns about data protection among businesses.

"Nearly three-quarters (72 per cent) of ICT decision-makers polled said they would revisit every cloud and hosting arrangement to ensure data protection, if they had the necessary time and resources," NTT Communications' report said. "Almost nine in ten (86 per cent) of US respondents held this view, as did three quarters (75 per cent) of French respondents. German, UK and Hong Kong respondents agreed but less so (65 per cent, 62 per cent and 62 per cent respectively)."

"The Snowden revelations have also made ICT decision-makers more aware of the need to have detailed knowledge of data protection rules. 84 per cent of ICT decision-makers globally believed they need training on data protection laws and security rules in the territories their businesses operate," it said.

Last year a US think tank said that US cloud providers could lose between $21.5bn and $35bn over a three year period in the wake of the Snowden revelations.

Copyright © 2014, Out-Law.com

Out-Law.com is part of international law firm Pinsent Masons.