Organisations are more likely to entrust sensitive data to cloud providers than they are to business partners or outsourced data centre hosting companies, a Gartner survey has found.

Of the 425 IT risk management professionals surveyed, 38% reported that their organisation has a policy of not sharing ‘sensitive data or processes’ with business partners. This compared to 29% for outsourced data centre providers, 26% for software-as-a-service providers and 20% for platform- or infrastructure-as-a-service providers.

"These results make sense, given that sharing data with a [business] partner almost certainly means that one or more of its employees will be accessing the data, while in a SaaS scenario, the data is typically only accessible to the primary customer," said Jay Heiser, research vice president at Gartner.

Interestingly, organisations are more likely to entrust sensitive data – defined as ‘data concerned with confidentiality and secrecy’ – with cloud providers than ‘mission-critical data’, data that is associated with availability, continuity and data recovery practices.

This suggests that they are more concerned about the availability of data hosted in the cloud than its security. "Survey respondents indicated 10% less willingness to place mission-critical data into a SaaS offering than to place sensitive data into it," said Heiser.

"They were even less willing to place mission-critical data into outsourced data centers, with over one-third of respondents saying that they do not allow it," he added.

This is probably due to a perception that "packaged service offerings, which typically claim to be based on cloud computing, are more reliable," Heiser explained, although this trust is misplaced.

"While fault tolerance is a feature of many such offerings, we consider it premature to assume that mission-critical data is safer in a cloud than in a traditional data centre in which buyers usually make very specific choices about how data will be backed up."