Staten, the analyst who advises cloud users, says it's a judgment call as to whether users should be concerned about this issue. If they are, then switching to an international outsourcing provider is one solution, but one that should be considered carefully.
There may be some value in using an international provider for outsourcing needs, but sometimes international providers open their books at the demands of other governments, he says. "You can't conclude (that international) hosting providers would be immune to the same pressures," that U.S. providers are subject to, he says. Plus, there could be significant costs for migrating workloads to an international outsourcer, including latency concerns that could arise.
The better approach if there is a worry, he says, is to work with the security team on ways to secure the data adequately. "Only if they conclude they cannot sufficiently protect this data should they then look to move that data elsewhere," he says.
Jenkins, with Cloud Sigma says he's seen "a handful" of customers drop a US provider in favor of their offering since the NSA allegations were revealed. It's a strategic decision to look into an international provider instead of one hosted in the U.S., he says.The tone by Jenkins is somewhat of an opportunistic one the company and other European providers are happy to provide what customers consider to be a safer haven compared to U.S. providers.
But U.S. technology executives say they're pushing back on the government too.
In a recent interview Yahoo CEO Marissa Mayer said the company begrudgingly complies with U.S. orders to hand over information, but the company pushes back to ensure there is the proper court oversight on requests for data. Not complying with such court-ordered requests could result in incarceration, she said.
Noted security expert Bruce Schneier said soon after the NSA leaks came out that he believes the issue could be a thorn in the side of outsourcing providers. "Cloud computing is precedent on the notion of trust us with your data,'" he says. "If you don't trust the vendor, you can't do it." These NSA allegations are making it more difficult to "trust your vendor," he says. (Read what Schneier has to say about encryption related to NSA spying.)
The bigger impact, he believes, will likely be on non-US entities not wanting to put information in U.S. cloud providers. If you're a company really concerned about any government peering into your computer systems, perhaps not using an outsourcing provider at all is the best way to go though, he notes.
Sign up for CIO Asia eNewsletters.