Government Espionage will Slow the Migration to Public Cloud
By Jim Lundy
We have written about Government sponsored espionage in the past and at the same time we also cover Cloud, including Public Cloud providers. Much of it was focused on attacks on high tech companies in the attempt to steal information about their products and services. We know that some of those attacks were sponsored by China and Iran. Given the revelations about the United States (US) Government’s PRISM program, we now know that government spying on individuals has reached an all time high. This blog is about the damage to the major Public Cloud Providers.
The NSA and Public Cloud
The US Patriot Act was the main reason that companies outside of the US did not want their content stored In the United States. Now with PRISM, it is far worse than that. It appears clear that the US Government’s National Security Agency (NSA) has access to most of the major Cloud providers data, including AOL, Apple, Facebook, Google, Microsoft, PalTalk, Skype (owned by Microsoft), Yahoo, and YouTube (owned by Google). This means that both individuals and enterprises have every right to worry that their information is being read or listened to.
First, we have always maintained that Facebook (Consumer Public Cloud) was not good for enterprises due to its use by foreign governments to spy on individuals or to be used as an attack platform where an individual that works for an enterprise is targeted.
For the technology providers that provide (sell) a Public Cloud to Enterprises, including Apple, Google and Microsoft, the revelations about PRISM isn’t good news. For many countries outside of the US, until it can be proved that the Apple, Google and Microsoft data centers based outside of the US are not being scanned, many non-US firms may stop Public Cloud Services purchases altogether.
Encryption is a Partial Answer to Public Cloud Problems
Encryption has always been around and now given the revelations about Prism, the need to leverage 256-bit AES encryption including private key encryption is greater than ever. However, we still don’t know the range and depth of the NSA’s ability to break current encryption capabilities. The bottom line is that encryption should be evaluated and deployed in many more situations than before. Many firms offer encryption capabilities and this should be something that enterprises evaluate when looking at SaaS applications that are part of a Public Cloud.
This story is still evolving and we expect more information to come out about other things that the NSA has been doing. Either way, the march to the Public Cloud just slowed down. Developing…