Cloud market destined to change following NSA leaks

Internet surveillance by the National Security Agency (NSA), leaked to the media by ex-contractor Edward Snowden, has shifted companies' priorities when sizing up cloud services providers in and outside the U.S., experts say.

The economic impact to the industry is open to debate. The Information Technology & Innovation Foundation estimated last week that U.S. cloud providers could lose as much as $35 billion in business by 2016, as companies flee to rivals overseas.

This week, Forrester Research took a much broader viewer and estimated a maximum loss of $180 billion.

Both numbers are projections, and may end up nowhere near the final tally. James Staten, an analyst at Forrester, acknowledges his numbers are "purposely inflated" to make the point that if the ITIF was correct, then the losses would be five times greater. That's because the IT hosting and outsourcing industries, which also store customer data, would be similarly affected.

"The reason I say this is unrealistic is because in order for this $180 billion to play out, then companies need to aggressively start pulling back from using outsourcers, using [hosting firms], using cloud providers," Staten told CSOonlineÃ'Â on Friday. "And frankly, we don't see any evidence that suggests they're going to start doing that."

What is happening is a shift in priorities when evaluating cloud service providers. Delving into government surveillance practices, which was not a major consideration in the past, has become a priority.

"What this has done is shift the focus to the country," said Jody Westby, chief executive of the consulting firm Global Cyber Risk.

Government surveillance is not unique to the U.S. All countries watch Internet traffic. What varies are the reasons and how open they are in disclosing the rules governing the activity.

[Also see: NSA revelations a mized bag for private clouds |Ã'Â U.S. openness, restraint could lessen fallout from from NSA surveillanceÃ'Â |Ã'Â Why we can't stop malicious insiders]

China, Russia and some Middle Eastern countries are highly secretive and are assumed to be monitoring Internet traffic of people and businesses. Their secrecy make them a far greater concern when it comes to surveillance than places like the U.S., the European Union, Singapore and Australia, which have publicized their rules in varying degrees.

The NSA revelations darkened the U.S. reputation because they revealed a level of surveillance much broader than what most people and businesses had assumed. In addition, many people, from politicians and business leaders to ordinary citizens, saw the checks in place to protect privacy as inadequate and the constitutional limits of government spying violated.

"The NSA has thrown out those (constitutional) parameters," said Westby, who chairs the American Bar Association's Privacy and Computer Crime Committee. "They've thrown out the certainty of the law, because they just decided to do it their way."

Whether Congress steps in to tighten the Patriot Act, which governs the NSA's activity, remains to be seen. The national debate sparked by Snowden's leaked NSA documents still rages.

In the meantime, Forrester's Staten sees a market opportunity for countries willing to provide more details about their surveillance activities and about the data collected and how it is stored and used.

For example, Switzerland has become a banking hub because its financial laws seldom change when compared to those of most other countries, Staten said. That stability is what many companies and wealthy people find attractive.

A similar approach toward surveillance and privacy laws tailored toward transparency would be attractive to companies and to cloud service providers.

"Any county that wants to take that step could absolutely improve their position as a neutral, safe place for data sharing," Staten said.

Read more about cloud security in CSOonline's Cloud Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security AgencyapplicationsCloudnsaData Protection | Cloud Securitysoftwarecloud computingForrester Researchinternetdata protectionsurveillance

More about Forrester ResearchNational Security AgencyNSASwitzerlandTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Antone Gonsalves

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts