Starting a year ago, former NSA hand Edward Snowden’s disclosures about NSA data gathering and retention processes set off a firestorm. Consumers were concerned about the privacy (or lack of same) of their daily phone calls and email exchanges. U.S. cloud providers were so irked about the negative impact on their ability to sell stuff at home and abroad that they started lobbying the government to stop the practice — or at least make it more transparent.
But now, months after the flood of disclosures started, thinking has become a bit more nuanced. At Structure 2014 a few weeks ago, HP’s EVP Bill Veghte said NSA-gate has slowed the sale of cloud services in China, an exploding market. But Bill Fathers, the SVP in charge of VMware’s cloud, said that while Snowden’s news provoked a short-term negative reaction he expects the longer-term ramifications to be quite beneficial. In fact, he now expects the ensuing discussion to “massively accelerate the adoption of the public cloud.”
And, the Open Data Center Alliance, an industry group, pointed out that NSA snooping is just one of several threats — er, factors — to be considered as customers assess their IT plans and that, in general, the benefits of cloud adoption outweigh any snooping risks, according to The Register. ODCA, which comprises big IT vendors and users — companies like BMW, Deutsche Bank, Capgemini, InfoSys and SAP– also published a white paper to help guide their thinking.
Maybe we owe Snowden thanks instead of insults
It might be more productive to think that Snowden did the world a favor rather than cursing his name. As ODCA Chairman Mario Mueller told the Register, Snowden started a “much needed debate” about the nature of IT security that we should be having anyway. That includes discussions about what types of corporate data can be crunched or stored on a public cloud and which should remain on unshared infrastructure, for example.
One question that should be raised among traditional IT shops is whether their own server rooms or data centers are inherently more secure to physical threats — break-ins, etc. — than IT resources that run in colocation centers or data centers run by the likes of Amazon, Google and/or Microsoft. I’ve seen company server rooms with doors that don’t even lock, for goodness sake.
Cloud or no cloud, snooping is an issue
Cloud computing took a hit from all this because cloud vendors aggregate and run a ton of user data and so are seen as the mother lodes of information that spy agencies find attractive. But let’s face it, disclosures of possible back doors in networking gear, servers and other equipment used by cloud and non-cloud vendors alike mean that no deployment model is beyond suspicion.