15 Comments

Summary:

And the answer is … It’s complicated. Edward Snowden’s disclosures at the very least raised questions that all IT pros need to think about regardless of their deployment choices.

US flag, propaganda, PRISM
photo: Marina99

Starting a year ago, former NSA hand Edward Snowden’s disclosures about NSA data gathering and retention processes set off a firestorm. Consumers were concerned about the privacy (or lack of same) of their daily phone calls and email exchanges. U.S. cloud providers were so irked about the negative impact on their ability to sell stuff at home and abroad that they started lobbying the government to stop the practice — or at least make it more transparent.

But now, months after the flood of disclosures started, thinking has become a bit more nuanced. At Structure 2014 a few weeks ago, HP’s EVP Bill Veghte said NSA-gate has slowed the sale of cloud services in China, an exploding market. But Bill Fathers, the SVP in charge of VMware’s cloud, said that while Snowden’s news provoked a short-term negative reaction he expects the longer-term ramifications to be quite beneficial. In fact, he now expects the ensuing discussion to “massively accelerate the adoption of the public cloud.”

And, the Open Data Center Alliance, an industry group, pointed out that NSA snooping is just one of several threats — er, factors — to be considered as customers assess their IT plans and that, in general, the benefits of cloud adoption outweigh any snooping risks, according to The Register. ODCA, which comprises big IT vendors and users — companies like BMW, Deutsche Bank, Capgemini, InfoSys and SAP– also published a white paper to help guide their thinking.

Maybe we owe Snowden thanks instead of insults

It might be more productive to think that Snowden did the world a favor rather than cursing his name. As ODCA Chairman Mario Mueller told the Register, Snowden started a “much needed debate” about the nature of IT security that we should be having anyway. That includes discussions about what types of corporate data can be crunched or stored on a public cloud and which should remain on unshared infrastructure, for example.

One question that should be raised among traditional IT shops is whether their own server rooms or data centers are inherently more secure to physical threats — break-ins, etc. — than IT resources that run in colocation centers or data centers run by the likes of Amazon, Google and/or Microsoft. I’ve seen company server rooms with doors that don’t even lock, for goodness sake.

Cloud or no cloud, snooping is an issue

Cloud computing took a hit from all this because cloud vendors aggregate and run a ton of user data and so are seen as the mother lodes of information that spy agencies find attractive. But let’s face it, disclosures of possible back doors in networking gear, servers and other equipment used by cloud and non-cloud vendors alike mean that no deployment model is beyond suspicion.

  1. NSA PRISM told us Public Cloud servers have Backdoor Access. Also once your Data is in the Public Cloud the Vendor OWNS your Data and have 100% control over your data.
    Now ask your self, do you still want to give your data to the Public Cloud, I think NOT………..

    Reply Share
    1. but there are also backdoors in networking gear that is used in cloud but also on-premises.

      Reply Share
  2. It seems to me that the whole NSA PRISM thing has demonstrated that it’s very difficult to secure data WHEREVER it is stored, particularly when Government Agencies rock-up and ask to see it. Individuals who put their dedicated servers into co-lo facilities seem to miss the fact that their access to those servers is almost always over shared networking infrastructure. And when it comes to “backdoors”, just what is buried in all that proprietary hardware and software out there? I doubt the alleged backdoors are limited to Public Cloud servers. No, IMHO, Snowden has sparked a much wider debate that goes way beyond Public Cloud.

    Reply Share
    1. agreed. i guess the appeal of cloud ito data snoops is that there so much customer data from so many people all in one place. agree that backdoors impact cloud and non-cloud which i tried to note in the story.

      Reply Share
  3. Again once your Data is in the Public Cloud servers the Vendor OWNS your Data and have 100% control/access to your data. With NSA PRISM we found out in the Public Cloud beside from the Vendor OWNS your Data now, also Public Cloud servers have Backdoor and who knows who have access to your Data.

    Reply Share
  4. He deserves far more than insults. He deserves going to trial, and paying for damage done to security of all citizens of the world and damages done to companies as a result of his exposure. If the system needed changing, fleeing to non-NATO countries is not confidence inspiring that he was acting in their interest.

    This presumption that the NSA which is lead by democratically elected people and funded by citizen of a democratic society just to be mischievous is as ridiculous as it sounds.

    Attributing security improvements in the cloud to Snowden presumes NSA has been the enemy all along, rather than hackers from Russia, China, Iran, North Korea, Al Qaeda, Lulz, Anonymous, Nigerian spammers, etc.

    Thumbs down Barb

    Reply Share
    1. You, sir, are a fool.

      Reply Share
      1. Degenerating into name calling does not support a position, rather it demonstrates you’re having trouble supporting an argument you would like to make.

        Reply Share
        1. Protect Yourself Tuesday, July 15, 2014

          Forget Dave’s rant, and secure your communications with these simple to use and free of charge tools at: https://pack.resetthenet.org

          Reply Share
  5. Kind of like paying peeping toms with your money to peep in all your windows.

    Reply Share
  6. kendracyrus007 Monday, July 14, 2014

    Thanks Barb for this post.

    Reply Share
  7. It hurts cloud adoption but only because many in business had a really foolish trust in computer security. Now they realize that the NSA can look and will hopefully realize that more than just teh NSA c an hack cloud servers or any server. Unfortunately, sensitive information needs to be stored on an in-house local network that isn’t connected to the www (or connected via a brutally limited protal. In general, most businesses should be fine to use the cloud but some need or should be much more careful. But they won’t because they will choose to save 5% on costs, it will all take on a very pirate like atmosphere (if it hasn’t already). The new ‘booty’ are company secrets and they are ripe for the plunder me lads!

    Reply Share
  8. I’m keeping my data in a hand written notebook under my bed.

    Reply Share
    1. no joke @ishabaka. I’m told attendees at Defcon/ Black Cat conferences refuse to use computers or wifi. Instead they use pads and pens

      Reply Share
  9. I will never use the cloud. Not just because of the NSA or other law rnforcement etc.
    I want my data safe and as secure as can be here at home on my hard drive and backed up as needed on MY usb stick etc.
    No one can snoop if it isn’t online.
    Besides what happens when the various clouds crash, as they will someday. Or are hijacked.
    Or a company decides to raise prices to a level you refuse to pay and hold your info hostage until you do?

    Reply Share