Is Government Surveillance Driving Away Business from the Cloud?

It may surprise you, but the answer to the question posed in the headline above is a definite “Maybe!”

In the past week in the U.S. we have seen Silicon Valley executives sit down with President Obama to express their concerns that the National Security Agency (News - Alert) (N.S.A.) snooping scandal is hurting their businesses with possibly catastrophic impact. This is coming from companies whose intrusion on our personal information is at the heart of how they make money.     

There was also the detailed article in the New York Times, on a forthcoming administration proposal to curtail the current regime of bulk phone data collection by the N.S.A. which was the first Snowden leak to grab international attention. As the article points out, the proposal faces an uncertain legislative future due to key differences with legislation already in the U.S. House of Representatives.  

Throw in a dash of news about the N.S.A. hacking Huawei’s (News - Alert) equipment to spy on rouge nations and bad guys, talk about irony given Huawei has faced competitive challenges due to its alleged ties to China’s military intelligence community. Plus, add to the pile the UK’s advertising watchdog giving Microsoft the green light on an ad campaign that promotes Microsoft Outlook by saying it does not like Google’s (News - Alert) Gmail service scan email contents for commercial purposes. It all makes for a lot of mixed signals about where government and business go from here, particularly on the business side of restoring trust.

RSA (News - Alert) survey by Lieberman Software finds government snooping is hindering cloud migrations

The reason for the prolog is that it is useful context for a survey just released by privilege identity management solutions provider Lieberman Software, who knows a thing or two about the protection of personal information. Conducted at the recently concluded RSA Conference 2014 in San Francisco, the survey looked at the attitudes of nearly 280 IT security professionals towards cloud security.

While the highlight of the report is that 80 percent of respondents prefer to keep their more sensitive data corporate data within their own networks and hence are not looking to move it to the cloud, despite all of the revelations and headlines that number while substantial is actually shrinking.

Key findings from the survey include:

• 80 percent of respondents, as noted, prefer to keep mission critical data under their control and not in the cloud.
• 33 percent of IT professionals say government snooping discourages them from using the cloud.
• 75 percent of respondents indicated they cloud causes security headaches for their IT departments.

Commenting on the survey Philip Lieberman, President and CEO of Lieberman Software, said, “IT managers are aware there is very limited data privacy in cloud environments and they therefore prefer to keep their most sensitive assets on premises. Another issue is legislation in the cloud and the fact that IT executives do not want governments probing into their corporate data. If a government or official body wants to see what data a company is holding, the cloud host involved is legally obliged to provide them access.”

As Lieberman also acknowledged, the fact that there is significant skepticism about moving sensitive data to the cloud is not surprising.  However, it is notable that the same survey was done in November, 2012, and 48 percent of respondents were discouraged from using the cloud because of fear of government snooping, while 86 percent of respondents preferred to keep more sensitive data within their own network, rather than the cloud.  In short, despite the outcry, particularly from corporate executives, at least for now trust in the security of the cloud has actually increased over the last year.

In fact, in an interesting comment, Calum MacLeod, VP of EMEA for Lieberman Software, said, “The fact that the government is snooping within our IT environments and on our phone calls isn’t a big revelation, and when the NSA scandal broke it should not have come as a surprise to those who work in the security industry. Government surveillance has been around for a very long time and unless you’re doing something against the law it shouldn’t be a concern. Security professionals realize that the major cloud service providers offer very comprehensive security. Ultimately their willingness to invest in technology to protect their clients probably offers a more secure environment than off shoring companies, particularly those in India who seem to think that everything can be solved with cheap labor.” 

While the last sentence is likely not going to sit well with off shore companies, or for that matter the Indian government, the point about the cloud in many ways being as if not more secure than legacy security solutions is one area where the cloud providers are finally making some headway. In fact, it should also be noted that Security-as-as-Service is a growing business, and the reason are that it makes sense from financial and risk mitigation perspectives. 

This is such a hot area of interest. Thus, there can be no doubt there are going to be lots of research reports on the impact of the N.S.A. scandal. In fact, those executives who met with the president are sure to be providing numbers to back up their concerns about lost business. Market temperatures are going to be taken frequently. Stand buy to see which way things are moving, and how this influences pressures on the U.S. Congress to pass something or pass on taking action.