HONG KONG, May 14, 2015 – The Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter today jointly announced results of the second year- “Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security & Privacy Readiness Survey.” The report reveals more than 80% of surveyed SMEs have already adopted cloud services to varying degrees. This resulted in a significant climb compared to the 50% adoption rate among SMEs in 2014.
In addition, more than 50% of the SMEs that adopted cloud services believe their Cloud Service Providers (CSPs) can help protect their data. Aside from that, nearly 70% of the SMEs surveyed developed relevant policies to ensure the safety of their customer data since the Personal Data (Privacy) Ordinance has launched. However, over 25% of them have no knowledge regarding how their CSPs process their data and information.
The survey conducted in April this year analyzed SME cloud adoption, in addition to security and privacy readiness in Hong Kong for the second consecutive year. It aims to understand Hong Kong SMEs’ application of cloud technologies, with a key focus to analyze their level of cloud security and privacy readiness. Also, it reveals the market trends to provide useful recommendations to SMEs, by comparing the data from 2014. The survey was sponsored by Microsoft Hong Kong.
Chester Soong, Chairman of Internet Society Hong Kong, said, “Compared to last year, this year’s survey shows SMEs in Hong Kong have seen the importance of data security, especially those who hired external parties to conduct security audit and certification reviews in the past. An increase of 40% SMEs have started to formulate policies towards data security. The report also reveals, more than 50% of surveyed SMEs consider cloud services as one of the solutions to resolve data security issues. This indicates SMEs started to realize the higher level of data security they can enjoy, by adopting reliable cloud services.”
Claudius Lam, Chairman of Cloud Security Alliance Hong Kong and Macau Chapter, analyzed, “In response to the recent public concern towards personal data privacy, we added in particular questions. The results indicated around 70% of the respondents have policies to comply with the ordinance since the Personal Data (Privacy) Ordinance has been enacted, representing their concern on protection of personal data. However, a quarter of the surveyed SMEs using cloud services have uncertainty on how their CSPs would use their data and personal information. More than half of them will disapprove their CSPs to look at and use their company or customer data for marketing purpose. We recommend SMEs should look for CSPs who comply with international standards, like ISO/IEC 27018. The latter provides guidelines for CSPs concerning the protection of personally identifiable information.”
Alan Chan, National Technology Officer of Microsoft Hong Kong Limited, stated, “Microsoft has been committed to helping SMEs utilize technology to strive for greater competitiveness. In fact, given the pace of the cloud services market rapidly being developed, we have recorded triple-digit growths year-on-year. And, 80% of the SMEs in the survey also adopt and benefit from a myriad of cloud services. In view of the limited resources and expertise SMEs encounter, it is recommended to consider reliable and enterprise-class CSPs to provide proper cloud services with the right business models. This would help to better protect its business data and property with an efficient approach. Aside from that, SMEs can now enjoy enterprise-class data and privacy protection such as data loss prevention and email encryption at a more affordable cost.
Pushpa Jayanna, Chief Operating Officer of Just Service, shared: “Just Service, a SME in Hong Kong, is a specialist service provider and a licensed life insurance broker. We have started deploying Microsoft Office 365 and CRM online half a year ago. Like many other local enterprises, we strictly comply with the Personal Data (Privacy) Ordinance provision, to ensure our business governance and sustainability. Therefore, we have to ensure our CSP is qualified in conjunction with the ordinance, and is able to provide relevant services at international standards. An example of these standards is ISO/IEC 27018, the code of practice for protection of personally identifiable information, released earlier. This guideline helps SMEs to select an appropriate CSP and do overall management more easily and effectively.”
The Hong Kong Small and Medium-sized Enterprises (SMEs) Cloud Adoption, Security and Privacy Readiness Survey was conducted by the Internet Society Hong Kong and the Cloud Security Alliance Hong Kong and Macau Chapter, who commissioned the Hong Kong Productivity Council (The Council) to carry out telephone interviews to Hong Kong SMEs (10 – 100 employees) over the course of three weeks and to review data from the Census and Statistics Bureau. The Council successfully collected 168 responses to the survey. The research covered major industry sectors in Hong Kong. The survey questionnaire was developed based on the Cloud Security Alliance Cloud Control Matrix international standard with questions adapted to local conditions. The survey was sponsored by Microsoft Hong Kong.
CSA Hong Kong and Macau Chapter 