Explosive revelations in the past six months about the U.S. government's massive cyber-spying activities have spooked individuals, rankled politicians and enraged privacy watchdogs, but top IT executives aren't panicking -- yet.
So far, they are monitoring the issue, getting informed and taking steps to mitigate their risk in various ways. But the alarming reports haven't prompted them to roll back their decisions to host applications and data in the cloud.
That's the consensus from about 20 high-ranking IT executives interviewed in North America and Europe about the effect that the U.S. National Security Agency's snooping practices have had on their cloud computing strategy. The news broke in June, after former NSA contractor Edward Snowden began leaking the earth-shaking secrets to the media.
Many of the IT executives interviewed say that they're not thrilled with the situation, and that it has made them more careful about cloud computing plans and deployments, prompting them to review agreements with vendors, double-check best practices and tighten security controls.
However, these IT executives haven't been completely surprised by the revelations. Whether by overt means or through covert operations, it's well known that governments engage in surveillance of telecommunications and Internet traffic.
"Government surveillance hasn't changed our opinion about cloud computing. The cloud model is attractive to us, and I was never that naive to think that this type of government monitoring wasn't going on," said Kent Fuller, director of enterprise infrastructure services at BCBG MaxAzria Group, a Los Angeles-based women's fashion designer and seller that uses Microsoft's Office 365 public cloud suite primarily for employee email.
Stealthy monitoring of computer systems and communications by governments currently doesn't rank among the top IT security concerns for many IT leaders. "Every CIO will tell you we worry every minute of every day about security, privacy, redundancy, operational continuity, disaster recovery and the like," said Michael Heim, Whirlpool's corporate vice president and global CIO. "We're probably the most paranoid guys on the planet."
Jacques Marzin, director of Disic, France's interministerial IT and communications directorate, said the NSA scandal confirmed the known risks associated with the use of public cloud services. "We are of course concerned about any third party access to our data although we have limited usage of public clouds," he said.
However, having everything behind the firewall also carries risks. CIOs worry about the cost and complexity of running servers on their own premises and the potential loss of competitiveness if rivals are taking advantage of the benefits of cloud computing.
"At the end of the day, the capabilities and economics around the cloud computing model are so compelling that when you artificially try to not take advantage of them you impact your ability to compete, because others will take advantage of them," Heim said. Whirlpool recently decided to move about 30,000 employees from an on premises IBM Lotus Notes system to the Google Apps public cloud email and collaboration suite.
Sign up for CIO Asia eNewsletters.