Security is still the top concern for organisations looking to migrate to a cloud service model, with privacy following close behind, according to the latest research from the Cloud Industry Forum (CIF).

In a survey of 300 end user organisations in November last year, 62 percent cited data security as one of their most significant concerns about cloud adoption, and 55 percent said they were worried about data privacy in the cloud.

Other concerns included dependence on internet access (49 percent), confidence in vendor reliability (35 percent) and contract lock in (34 percent).

According to Simon Bain, CTO at British search company Simplexo, these concerns are largely a result of the “fear, uncertainty and doubt” (FUD) that surrounds cloud computing. He said that, rather than bandying around buzzwords, vendors should be focusing on proving that the cloud is secure, in order to reassure customers.

“I am obviously a believer in using the ‘cloud’ as a way forward for both personal and corporate life,” said Bain. “However, there are certain guidelines that I think need to be adhered to before we all start throwing our hard disks away and placing everything in to the hands of others.”

He said that security is “the first and last thing” that providers should be thinking about, because security is important in all aspects of people's online life, and the cloud is no different.

“Just because you may not be logging in to your bank, does not mean that the security should be any weaker. Remember you may have placed your bank statements in the cloud!” he added.

Simplexo is a member of CIF, which also today announced the launch of a new legal sub-group. Chaired by Conor Ward, partner at Hogan Lovells, the group will aim to offer clarity on legal issues to do with cloud computing and work towards providing a conducive legal framework in support of the work of the Cloud Industry Forum.

“Cloud, by nature, is creating a greater sense of capability and collaboration, which can, if not checked, drive contractual and operational ambiguity,” said Andy Burton, Chair of CIF and CEO of Fasthosts. “Clarity on the services delivered and accountability and responsibility of the parties involved in delivering them is key.”

The group will offer advice on cloud service types, data protection issues, software licensing in the cloud, service definitions and levels, liability, procurement, applicable law, customer data and the future of cloud law encompassing both the UK and the EU.

EU Justice Commissioner Viviane Reding is this week expected to announce a new data protection regime, that could have a significant impact on the cloud computing industry. The law is expected to include new rules about how and where data can be stored, and increasing the accountability of cloud service providers.

Cloud Expo Europe is also taking place this week, on 25-26 January at National Hall Olympia.