Are Server Providers Facing A Backlash Over Continued NSA Revelations?

NSA Revelations

Edward Snowden, the NSA, Heartbleed – it seems every technology story at the moment is in some way linked to these topics. Whether or not you believe that the NSA was directly involved in the Heartbleed security flaw, it is apparent that cloud customers around the world have been rattled by the disclosure of mass government surveillance and security leaks.

What affect have these revelations and worries had on United States-based cloud providers?

Contract Cancellations

A Cloud Security Alliance (CSA) survey found that ten percent of non-United States companies cancelled contracts with American service providers following the admission of the NSA spying program in the middle of 2013.Worryingly for those providers, the survey also found that a massive fifty six percent of respondents are now reluctant to work with any US-based cloud service. Only thirty percent of those surveyed said that ‘spygate’ would have no impact on their use of cloud services.

The data surprised senior figures within the cloud computing industry. Jim Reavis, Co-Founder and Executive Director of the CSA, said the level of scepticism was greater than he expected, but pointed out that he “thought that more people would understand that these activities happen all the time in their countries as well”. Whether or not other countries conduct the same level of covert operations is not clear.

Foreign Intelligence Surveillance Act

Most customers cited one major stumbling block that would need to be addressed before they once again consider American cloud providers – transparency about the US Government’s use of secret orders from the Foreign Intelligence Surveillance Act (FISA).

With internet giants such as Google, Microsoft, and Yahoo all being regularly subjected to FISA court orders, the report showed an almost unanimous call for the White House to disclose more information about the details that are being requested.

Virtually everyone that responded said that providers need to be able to provide at least aggregate information on what they are doing” Reavis said, pointing out that a majority of respondents want hosting companies to be allowed to disclose how many NSA requests they get for each customer record, what kind of information is being requested, and how much is being provided.

European Concerns

The region that cloud providers will be most concerned by is Europe. The cloud is already suffering from a slower uptake in Europe than in North America, and even before the Wikileaks disclosures last year European regulators had published a report warning about how FISA can be used to target non-US individuals located outside America.

The report stated that “FISA can be seen categorically as a much graver risk to European Union (EU) data sovereignty than other laws hitherto considered by EU policy makers” – a quote that led one European-based security firm to note that “”Right now, there are many customers who don’t want to buy American”.

After the Snowden leaks the EU Parliament voted to investigate the privacy and civil rights implications of the NSA spy programs on European citizens. The report is still being conducted, but it is certain that its conclusions will not be favourable for American cloud providers.

The Solution

What do you think is the solution the problem of trust and privacy in the cloud? Is it an inevitability of modern life that other people will be able to learn everything about us merely by switching on a computer, or is government spying an unacceptable level of intrusion?

By Daniel Price

Patrick Joggerst

Session Border Control as a Service: Faster, More Secure and Dramatically Less Complex Enterprise Communications

Session Border Control as a Service As businesses are increasingly moving to cloud-based unified communications (UC) for improved collaboration and productivity, they must also ensure that their networks and systems are as secure as possible ...
Mike Johnson

Data Transmission Travel Plans – From The Ground Up

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses data was put to at the end of their cables ...
Miha Kralj

SaaS Native – Design, Delivery and Management of Applications

Going cloud native, the right way Moving from a traditional IT organization to one that’s cloud native is an inevitability for all businesses. This is because all real software innovation is now cloud-first or cloud-only, ...
Bruce Guptill

As The Digital Workplace Strengthens, Traditional Business Thinking Must Die

The Digital Workplace The cloud-driven, digital workplace is enabling better ways of working, new ways of doing business, and entirely new business opportunities. It is also breaking down traditional boundaries and barriers within and between ...
Mark Casey Apcela

How to Optimize Your Office 365 Performance with Network Peering

Optimize Performance with Network Peering Microsoft Office 365 usage has grown significantly in recent years. More than 56 percent of organizations all around the world now use Office 365 cloud-based services. In terms of user ...
Tech

What is the Difference Between a VPS and a Cloud VPS?

VPS or Cloud VPS? While researching this article it became very apparent that there is a lot of confusion about the differences between VPS Hosting and a Cloud VPS. They are both Virtual Private Servers, ...