Business attitudes toward the cloud have changed a lot in recent years, but one thing has not: cloud's growth within small businesses, and now larger enterprises, as a standard component of IT operations. The cloud's continued growth is inevitable, because it's one of the best opportunities for organizations to achieve greater IT flexibility, cost efficiency, and value from their data. This year alone, the global cloud market is set to grow more than 126%, according to GigaOm Research.
Yet, despite the prospects for growth, there's room for doubt that the US will dominate the global cloud market. The NSA snooping revelations that broke during last year's "Summer of Snowden" stoked fears around security, compliance, and privacy in the cloud, particularly for businesses in highly regulated industries, and in countries with strict data privacy laws.
When Forrester analyst James Staten notoriously projected last August that the US cloud market would miss out on $180 billion in revenue by 2016 as a result of NSA concerns, people in all corners of the tech industry sat up and listened. Since then, unlikely dissidents, including Google, Microsoft, and Facebook, have made their case to the US government that NSA surveillance needs to be curtailed, or it could seriously hurt their business.
[New disclosures from former NSA contractor Edward Snowden detail the National Security Agency's RETRO system. See NSA Records Billions Of Foreign Phone Calls.]
Saber rattling aside, one has to wonder: Just how doomed is the US cloud market? And should government agencies, including the NSA, be concerned?
Unfortunately, the threat to the US cloud market, due to worries about government surveillance, looks real. Non-US businesses are increasingly concerned about the privacy and security of their (and their customers') data. In fact, a recent survey from ResearchNow, commissioned by Peer 1 Hosting, showed 25% of UK and Canadian businesses plan to pull company data out of the US in 2014 as a result of the NSA revelations. The survey also found that most companies are thinking differently about the location of their data post-Snowden: 82% said privacy laws are a top concern for them when choosing where to store data, and 81% want to know exactly where their data is being hosted.
Wariness about US data laws is not a new thing. Many European and Canadian companies have avoided hosting data in the US since the USA Patriot Act in the early 2000s, which permitted the government to inspect data on any servers in the US, even if the data was owned by non-US customers. European companies' concerns around the Patriot Act grew so strong by 2011 that it began to hamper the growth of the cloud industry in Europe, as service providers in France, Germany, and elsewhere limited their customer base by "walling off" their clouds from North America. In fact, an Informa report revealed that European providers accounted for just 7% of carrier cloud investments worldwide in 2011.
Such nuances of the global cloud market used to seem like "somebody else's problem" to US government agencies. But now, with the Snowden leaks confirming data privacy concerns, hesitance to store data in the US may actually boost the growth of the cloud industry in Europe and Canada, to the detriment of the US economy, as customers seek ways to keep their information as far from the NSA as possible.
The data sovereignty issue is in fact so important that 70% of the businesses surveyed by ResearchNow would give up some level of performance to ensure they have control over their data. It's not unreasonable to assume European cloud upstarts can snatch some of their business.
Meanwhile, US government policy mandates have called federal CIOs and other IT executives to adopt cloud technologies, beginning with the Federal Cloud Computing Initiative (FCCI) launched five years ago. The intent of the FCCI was to cut IT costs for federal agencies, but if the number of US cloud vendors begins to dwindle post-Snowden, it could mean government IT
decision makers will have fewer cloud vendors to choose from -- and potentially face higher prices.
Still, it's difficult to gauge how long the threat to the cloud hosting market may last. For example, 51% of respondents in our survey are still hosting data in the US, making the US the most popular host country outside their own countries. Part of the reason for this may be that people simply don't have other options. If they have a large customer base in the US, there's probably not a reasonable substitute for a US-based datacenter or hosting provider. But this may change as infrastructure in Canada, Mexico, and Brazil becomes more robust, generating cloud alternatives in the Americas that could threaten the US's position as the de facto choice for hosting.
Additionally, the US government is taking steps to scale back its surveillance activity, which could alleviate the fears of non-US cloud buyers who are still on the fence. But while President Obama has announced new restrictions on the NSA's phone-data collecting programs, it's unclear if this means change on a grander scale is coming, or if it's just a short-term fire drill to help bide time.
Has trust in the cloud (or in the Internet, for that matter) been permanently damaged? Likely not. Companies aren't abandoning the Internet or completely upending their business models, but there will be some fundamental changes in how they go about conducting certain business operations online -- for example, with choosing where and how to host their sensitive data in the cloud.
There is definitely hope for the US cloud industry if both government agencies and service providers strive to be more open, honest, and fair about where company data is located and how it's being used. Plus, privacy laws are still a mystery to many: 60% of UK and Canadian businesses agree they don't know as much as they should about data laws, and 44% feel that privacy and security laws still confuse them. This knowledge gap gives service providers an opportunity, not only to lead the discussion around data privacy, but also to educate their customers on what it means for their businesses.
Only time will tell if history remembers Snowden as a hero or a villain, and it will likely be a mix of both. Regardless, the NSA revelations have provoked a discussion around data privacy that will ultimately help improve the hosting and cloud industries on a global scale. The new tensions that have sprung up around privacy and security, even among ordinary citizens, are sending a strong message to businesses on how they should think about their and their customers' data.
Businesses should realize how accountable they are in giving customers ownership and control of their data whenever possible, and they should acknowledge their responsibility to be transparent when data is potentially exposed to third parties. Meanwhile, IT decision makers at federal agencies can follow suit and place pressure on policy makers to scale back programs that are ultimately detrimental to the efficiency and cost-effectiveness of the government itself.
The NIST cyber-security framework gives critical-infrastructure operators a new tool to assess readiness. But will operators put this voluntary framework to work? Read the Protecting Critical Infrastructure issue of InformationWeek Government today.Ben Young is General Legal Counsel at Peer 1 Hosting, where he defends, protects, and enforces Peer 1's legal and business interests, identifies risks, and finds the right solutions to mitigate them. View Full Bio