Seeking Alpha

NSA revelations costing U.S. cloud-computing providers

  • U.S. cloud-computing companies could miss out on $21.5-35B of revenues over the next three years because of concerns about how U.S. authorities such as the National Security Agency have been accessing the firms' user data.
  • The estimate comes from the Information Technology & Innovation Foundation think tank.
  • Companies that could be affected include Amazon (AMZN), Google (GOOG) and Microsoft (MSFT).
  • There's increasing evidence that non-U.S. firms have been canceling orders and limiting their use of U.S. cloud service providers. In a membership survey by the Cloud Security Alliance, 10% of non-U.S. respondents said they had ended a project with a U.S. cloud company, while over half said they would be less likely to use one.
Comments (20)
  • marv09
    , contributor
    Comments (279) | Send Message
     
    "In a membership survey by the Cloud Security Alliance, 10% of non-U.S. respondents said they had ended a project with a U.S. cloud company, while over half said they would be less likely to use one."

     

    They do not have an alternative in many cases. E.g. EU companies have to store data (staff data, customer data, etc.) according to EU, or their national data privacy regulations, which are in most cases much more strict than in the US. The US did sign a "Safe Harbour" agreement with the EU, guaranteeing that companies qualifying for it will treat EU data on US servers according to EU standards.

     

    It is now glaringly obvious that this is not being done. And once EU companies have this information, they are, by law, no longer allowed to use these services, as their staff and clients could sue them for gross negligence.
    6 Aug 2013, 05:20 AM Reply Like
  • ClassicLib
    , contributor
    Comments (71) | Send Message
     
    Great article and thank you for bringing this up.

     

    I was being laughed at by people in my industry when I told them there would be blow-back on the public cloud. Well here we are. The bottom line is that if you want your data secured, you need to build your own private cloud. This is going to bode very well for the likes of Openstack, VMWare, etc while companies accelerate their exit from the public cloud space. I see the public cloud as still being heavily used for things like caching and development work, but not so much for companies that want their bulk data storage, databases, hadoop, etc secured. BTW, collocations are also seeing huge surges in rack lease space sign-ups, which is also an indicator of exactly what this article is talking about.

     

    What I anticipate seeing is more government intervention on collocated data centers and data privacy. If you all were paying attention this week the FBI is really starting to put pressure on datacenters to install their snitch software on aggregation routers. I don't think it will stop there as they want to know what is on the storage networks as well. I see more intervention now they know they are losing some turf to the recent privacy concerns.

     

    Case in point: If you want security, you have to do it yourself and use tools that have not yet been assimilated into the illegal spying machine.
    6 Aug 2013, 06:01 AM Reply Like
  • Viper740
    , contributor
    Comments (126) | Send Message
     
    "Case in point: If you want security, you have to do it yourself and use tools that have not yet been assimilated into the illegal spying machine."

     

    What makes you think what the government is doing is illegal? They are operating according to laws set by our congressmen. Just because they rules that govern their activities, and the activities themselves, are secret (and rightly so), that does not make said activities illegal.

     

    And if you ask me, this is actually part of a much larger problem that has been building for nearly 100 years - excessive government intervention.

     

    If we want to get rid of the NSA's activities, fine, but also get rid of Social Security (forcing me to pay for someone else's retirement, which is equally as bad as the gov't looking at my metadata), Medicare (forcing me to pay for someone else's health care due to their unhealthy eating and lifestyle, which is equally as bad as the gov't looking at my Facebook), Dept. of Education, Dept. of Homeland Security, IRS (I can send my tax check to the Dept. of the Treasury directly without needing a special gov't bureaucracy), the DEA, etc, etc, etc.

     

    Notice that no one is up and arms about those things, which are much bigger threats to freedom than anything the NSA is doing?
    6 Aug 2013, 06:35 AM Reply Like
  • marv09
    , contributor
    Comments (279) | Send Message
     
    Be careful... It has been reported several times that several telcos (ISPs) collaborate, and also that the NSA does have hooks into several connection points to backbones. Colocation might not make the slightest difference. And the only safe way to operate any cloud service could be operating in within your own campus only.

     

    I do not see any sound way to beat this system, other than using encryption for each and everything, which is not feasible. The majority of people and businesses we exchange documents and data with could not deal with it.
    6 Aug 2013, 09:06 AM Reply Like
  • ClassicLib
    , contributor
    Comments (71) | Send Message
     
    I was referring more to data at rest encryption and geographic encrypted tunnels. These are still very much secure if you use the correct technologies.
    6 Aug 2013, 09:23 AM Reply Like
  • kmi
    , contributor
    Comments (3975) | Send Message
     
    I have to agree that security is a very slippery slope these days. I found this item interesting recently:

     

    http://engt.co/19KPN1b

     

    Quoting from the link:

     

    "There's no direct evidence that the malware comes from the government, but the malware's command and control IP address is registered to a governmental defense contractor. Plus, the data pulled from infected machines indicates it could be an example of the FBI's computer and internet protocol address verifier (CIPAV) software first identified by Wired in 2007."
    6 Aug 2013, 10:20 AM Reply Like
  • ClassicLib
    , contributor
    Comments (71) | Send Message
     
    I agree with you on all points except you taking me to task on the illegal comment. I am not sure about you, but I still operate under the Constitution. These are the laws of the land. Enumerated powers are in place for a reason and just because a group of Oligarchs that are bought and paid for by corporate lobbying interests does not make it law.

     

    When they stopped representing the people and started running Congress like a corrupt corporation is when I started to question these so-called laws. The Patriot Act, NDAA, etc are all examples of so-called laws that violate and undermine our Constitution and Bill of Rights. So yes, I see them as draconian forms of control that circumvent our legal rights as guaranteed by our founders.
    6 Aug 2013, 06:44 AM Reply Like
  • Viper740
    , contributor
    Comments (126) | Send Message
     
    Thanks for the clarification. Can you tell me in particular which laws are being violated? I'd like to know.
    6 Aug 2013, 07:15 AM Reply Like
  • gensearch2
    , contributor
    Comments (1378) | Send Message
     
    You may not have noticed that Congress passed and extended the Paatriot Act, it was signed into law by two Presidents and the Supreme Court of the United States took a look at it and it passed that Constitutional check.

     

    The ACLU is taking it to the Federal Courts again, which is fine. But as it stands right now it's Constitutional.

     

    If you want to argue that you're more of a Constitional authority than SCOTUS let's hear it.
    6 Aug 2013, 07:48 AM Reply Like
  • ClassicLib
    , contributor
    Comments (71) | Send Message
     
    Sure. The 4th, 5th and 1st ammendments. Our right against search and seizure is pretty much gone. I can provide sources and a list of violations if you desire.
    6 Aug 2013, 09:15 AM Reply Like
  • ClassicLib
    , contributor
    Comments (71) | Send Message
     
    Contitutional check. Hah. They routinely pass things they don't even read. How is that working in the best interests of the people?

     

    I am never said I am a "Constitutional Authority". What I am is an American that is sick on tired of CONGRESS NOT DOING THEIR JOBS.

     

    We can get into greater debates about the Consitutionality of the so-called laws, but I will say that anyone who does not see the current government as overreaching in an unpresedented way is really ignoring reality.
    6 Aug 2013, 09:21 AM Reply Like
  • NYCTEXASBANKER
    , contributor
    Comments (1800) | Send Message
     
    iwe76
    most people don't even know the first amendment.
    over 80% did not realize freedom of speech only refers to the individual rights against the government and that freedom of speech versus corporations in not guaranteed.
    7 Aug 2013, 11:44 PM Reply Like
  • Gary J
    , contributor
    Comments (3506) | Send Message
     
    Laws can be contrary to the Constitution i.e., many of the gun laws. They can be challenged by the courts though.
    6 Aug 2013, 07:03 AM Reply Like
  • ClassicLib
    , contributor
    Comments (71) | Send Message
     
    As long as they don't infringe on the fundamental rights. That is key.
    6 Aug 2013, 07:16 AM Reply Like
  • Gary J
    , contributor
    Comments (3506) | Send Message
     
    Again, that is a matter for the courts.
    6 Aug 2013, 08:12 AM Reply Like
  • marv09
    , contributor
    Comments (279) | Send Message
     
    Hm. While I do accept that the Patriot Act was created under terrible and exceptional circumstances, it is, by any means, affecting constitutional rights by design.

     

    I am not trying to deny the need for protection, but IMHO this whole thing needs to be revised objectively, without automatically considering everybody having concerns not a patriot. E.g. I see the need for some surveillance and tapping (if there are true indications of any danger), but I do not see any need for such a broad approach, and certainly no need to store all this intel ad inf.
    6 Aug 2013, 09:05 AM Reply Like
  • ClassicLib
    , contributor
    Comments (71) | Send Message
     
    And the courts have largely failed the people except in a few rare instances.
    6 Aug 2013, 09:16 AM Reply Like
  • Gary J
    , contributor
    Comments (3506) | Send Message
     
    And that is a matter of opinion assuming whatever "rare instances" means,
    6 Aug 2013, 09:23 AM Reply Like
  • stoj
    , contributor
    Comments (262) | Send Message
     
    This is part of a trade war, in which major EU companies are not allowed to migrate the tech and cloud industry to the USA ( even if the US has better quality at cheaper price ) because of anemic growth in the EU. "Security reasons" are masking that fact, unless it's actual defense, military data. ( which it isn't ) On a side note, there is no Amazon center in Scandinavia, meanwhile Scandinavia has the highest retail prices in the world ( even before sales taxes of 25% ) while being stuck with fragmented internet retailers that can often not be trusted. US technology is being strongly resisted, sometimes even by the friendliest, most developed Nations
    6 Aug 2013, 09:08 AM Reply Like
  • Derek A. Barrett
    , contributor
    Comments (3534) | Send Message
     
    I always just operate under the assumption that anything that goes through an internet router is being recorded by someone, somewhere. If you can't keep it in house and are transmitting it over the wire, it's almost guaranteed someone is going to have access to it.

     

    True, hackers can still gain access to in-house systems but it's much more difficult.

     

    I am sure this post is being recorded in about 10 different places as soon as it's posted.

     

    I am more concerned about Facebook and Google data mining than the NSA. At least with the NSA that's their job, but users are willingly handing over confidential information to Facebook and Google.
    6 Aug 2013, 01:35 PM Reply Like
DJIA (DIA) S&P 500 (SPY)
ETF Tools
Find the right ETFs for your portfolio:
Seeking Alpha's new ETF Hub
ETF Investment Guide:
Table of Contents | One Page Summary
Read about different ETF Asset Classes:
ETF Selector

Next headline on your portfolio:

|