NSA's Prism Could Cost U.S. Cloud Companies $45 Billion
Losses may total between $35 billion and $45 billion in next three years due to lost business stemming from disclosure of NSA monitoring, new research predicts.
9 Android Apps To Improve Security, Privacy
(click image for larger view)
The revelations about the monitoring of phone calls, emails and Internet traffic by the National Security Agency's Prism program will cost U.S. cloud suppliers either $35 billion, $45 billion, or maybe not so much, depending on how you interpret recent data on the continued use of hosting services, according to analysts looking at the aftermath of the Edward Snowden leaks.
The $35 billion figure springs from a recent survey by the Cloud Security Alliance, which found that 56% of 500 respondents said the disclosures by the fugitive NSA systems administrator would cause them to lose non-U.S. business. Canada, plus Germany, France and other European countries, have rules that require companies to guarantee the privacy of data that originates within their borders. Most comply by keeping the data on storage inside its country of origin.
Castro reported that Jean-Francois Audenard, the cloud security advisor to France Telecom, "said with no small amount of nationalistic hyperbole, 'It's extremely important to have the governments of Europe take care of this issue. ... If all the data of enterprises is going to be under the control of the U.S., it's not really good for the future of the European people.''' France recently invested 135 million Euros in a joint cloud venture with French business.
The losses by U.S. companies could be greater, concluded James Staten, lead cloud analyst at Forrester Research, after reviewing Castro's report. Castro's analysis looked only at the business that might be withdrawn from U.S. providers by foreign companies and concluded that 20% of that business was at risk of going away regardless of security questions. Staten said some cloud users in the U.S. will also have to bypass U.S. cloud providers and move part of their business overseas to satisfy their international units and customers. That would add $10 billion to Castro's total, he said.
"European Union rules require data about EU citizens be stored and retained in the EU ... so seeking an EU-based cloud provider or non-cloud IT provider would be a prudent tactic for a U.S. business," Staten noted in a lengthy blog post dated Aug. 14.
Staten wrote that Neelie Kroes, European Commissioner for Digital Affairs, summarized the problem: "If European cloud customers cannot trust the United States government, then maybe they won't trust U.S. cloud providers either. ... If I were an American cloud provider, I would be quite frustrated with my government right now." Between now and 2020, the consequences may be a shift in billions of dollars worth of business away from American suppliers to European suppliers, Kroes predicted.
The data privacy rules don't only apply in European countries. Canada has strict requirements on its citizen's medical records. Since the U.S. Patriot Act was passed, Canada has forbidden medical information on its citizens to be stored on U.S. servers. It's unlikely that concern would be eased by the Snowden revelations.
Pat O'Day, co-founder of the VMware-compatible cloud service, Bluelock, said there are many VMware customers in Canada that have an interest in a cloud supplier for backup and recovery purposes. Bluelock offers such a service, geared to work with the VMware product set. But he finds Toronto customers moving their data across the continent to suppliers in Vancouver "just to keep it on the north side of the border," rather than turn to a closer provider in Indianapolis.
"Both data and IP concerns were already driving decision-making behavior for our northern neighbors due to the Patriot Act. But the recent NSA situation is unfortunately underscoring and exacerbating the issue," O'Day said in an email.
Multicloud Infrastructure & Application ManagementEnterprise cloud adoption has evolved to the point where hybrid public/private cloud designs and use of multiple providers is common. Who among us has mastered provisioning resources in different clouds; allocating the right resources to each application; assigning applications to the "best" cloud provider based on performance or reliability requirements.
InformationWeek Must Reads Oct. 21, 2014InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.