"If something like that happened, it would change the picture and have a profound impact," said Jay Heiser, a Gartner analyst. "Otherwise, it's premature for organizations to forgo the benefits of cloud computing, but it's also an opportunity to revisit security concerns in general."
At Needham Bank in Needham, Massachusetts, IT Vice President James Gordon, said the NSA scandal hasn't horrified enterprise IT leaders because "I don't think there's been a relevant connection to how it impacts an organization yet."
"Until they have a material loss or one of their peers has an accidental information disclosure, it won't hit home," Gordon said.
The level of concern about leaks due to government spying also hinges on the type, size and industry of a company. "I'm not aware of any instances of this happening to a mid-size wholesale company like us," said Hal Greene, vice president of IS at Composites One, a distributor of plastic and glass products in North America that uses Google Apps.
But Paul Grewal, CEO of Sage Human Capital in San Bruno, California, an executive search and recruitment firm, worries about a nightmare scenario in which government snooping on his company's data could result in a leak. "We are definitely concerned. It creates a liability," he said.
A leak could be extremely harmful to the candidates seeking jobs, their current employers and the companies that are hiring. "Our data is extremely confidential," he said.
The company would find itself potentially liable for breaching confidentiality agreements with clients, and it would also see a major trust breakdown.
Sage Human Capital deployed a business intelligence tool from Jaspersoft on the Amazon EC2 cloud service about six months ago to give clients a granular analytics view of how a search is going. "The reason we went to the cloud was ease of implementation and deployment," Grewal said, adding he doesn't plan on rolling back that decision.
He's confident Amazon will provide top-notch encryption and security, but he's also aware that "NSA has a heavy hand and can make offers people can't refuse."
Analysts say CIOs need to weigh risks and rewards and adhere to best practices, whether the government is snooping on their systems or not.
"The answer to whether the risks outweigh the benefits will be different for different companies and CIOs," said Scott Strawn, an IDC analyst.
"Our advice to organizations is to recognize the sensitivity of their data, and if it's highly sensitive, they should take very careful precautions about where they put it, and place heroic levels of protection around it," Gartner's Heiser said.
For starters, companies need to decide which applications and data can be put in a public cloud service, which can go in a private cloud service and which should remain behind the on premises firewall.
Sign up for CIO Asia eNewsletters.