Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

NSA revelations a mixed bag for private clouds

John P. Mello | Aug. 15, 2013
Life in the cloud hasn't been the same since Edward Snowden began leaking secrets about government snooping on the Internet.

Life in the cloud hasn't been the same since Edward Snowden began leaking secrets about government snooping on the Internet.

Public cloud operators in the United States may be facing large losses because of the Snowden Affair, said a report last week by the Information Technology & Innovation Foundation.

"Recent revelations about the extent to which the NSA obtains electronic data from third-parties will likely have an immediate and lasting impact on the competitiveness of the U.S. cloud computing industry if foreign customers decide the risks of storing data with a U.S. company outweigh the benefits," the ITIF noted.

"Unless the White House or Congress acts soon," it said, "the U.S. cloud computing industry stands to lose $22 [billion] to $35 billion over the next three years.

If that trend develops, will more companies seek security for their data in private clouds? After all, proponents of private clouds have been taking pot shots at security in the public cloud for years and Snowden's revelations have given them a fresh magazine for their guns.

"There could be a backlash against the public cloud," Eric Chiu, president and founder of the cloud infrastructure control company HyTrust, said in an interview.

"In general, security is the biggest inhibitor for public cloud adoption," Chiu said. "This just reinforces the security concerns that lots of companies have in moving to the public cloud."

Stashing data in a private cloud won't necessarily protect it from law enforcement authorities armed with judicial crowbars to pry it from a company. "Simply moving from public to private clouds will not keep sensitive data from the prying eyes of intelligence agencies," said Michael Sutton, vice president of security research for Zscaler.

"The NSA has the ability to require third parties to legally turn over data when appropriate approvals are in place," he continued. "This is a legal requirement which must be adhered to."

"Enterprises should also keep in mind that programs such as those detailed by Snowden target various communication mediums including web mail and social media -- targets that employees are likely to utilize regardless of enterprise architecture," he added.

However, there's at least one advantage to having data in a private cloud when G-persons show up on the doorstep. "If I'm operating a private cloud for my own use, and I get a subpoena or some other request from a government agency, at least I know about it," Steve Weis, CTO and co-founder of PrivateCore, said in an interview.

"If my cloud provider gets that letter, I may or may not know about it," he added.

In addition to government collection of data from public cloud providers, Snowden brought another issue to light, one that threatens the security of a company's data whether it resides in a public or private cloud. "This has really highlighted the insider threat," Todd Thiemann, marketing vice president for PrivateCore, said in an interview.


1  2  Next Page 

Sign up for CIO Asia eNewsletters.