Posted by Kalyani M. on Oct 24, 2013
The cloud is a driving force behind today’s IT industry. However, the recent revelations about US government’s PRISM program has badly affected the reputation of US-based cloud industries. The ongoing public debate about privacy issues at the FISA court has raised concerns among foreign customers. As per international cloud customers, “if the FISA court can issue a “national security letter” to gain access to US-based Internet companies’ servers, any foreign company’s data stored on these servers could be accessed by the US government”.
The rivals of US cloud computing services were initially under the suspicion that the data is shared with surveillance agencies. The PRISM revelations in June, confirmed their suspicions; that the data stored on US servers can be accessed by the government. “Whoever fears their communication is being intercepted in any way should use services that don’t go through American servers,” and should stop using American companies such as Google and Facebook, said German Interior Minister Hans-Peter Fredrich in July.US is a global leader in providing cloud computing services but the NSA leaks could cause a shift away from leading data storage providers like Google, Yahoo and IBM.
A report released by the Information Technology and Innovation Foundation (ITIF) claims that the NSA’s PRISM program could cost the US cloud computing industry anywhere between $22 billion and $35 billion over the next three years. The news about the NSA cracking encryption of common online security products and placing secret doors at the access points can further undermine the confidence of foreign businesses. The NSA has been successful in cracking the majority of the encryption codes on the Web, by using supercomputers, technical trickery, court orders, and behind-the-scenes persuasion to crack the standard encryption technologies. Apart from cracking encryption of online products, the NSA has devised programs to deliberately insert vulnerabilities in commercial products, so that they can collect more information by exploiting those vulnerabilities. Basically the NSA asks these companies to deliberately make changes to their products in undetectable ways like leaking encryption keys, making random number generator less random, adding a common exponent to a public-key exchange protocol, and so on.
However these predictions can be considered as mere estimates, as various thought leaders in the cloud computing market has argued that they do not think that customers will be less inclined to put their data and IT operations online given the PRISM revelations. Brian Okun, regional sales director at Prevalent Networks in Warren, N.J said that “I think there will always be people who don’t feel safe putting data in the cloud, just as there are individuals who want to move to the cloud. First, you’re never going to be a 100 percent secure online. Second, you need a layered, multipronged approach to security. And third, you need to be an early adopter of new security technology instead of a laggard.”
People who have been enjoying the benefits of high quality US based cloud services will think twice before moving to alternate services. Many well-known and high profile cloud storage companies are making changes to their business model to remain competitive in the market, keeping the NSA surveillance in consideration. For example, Amazon Web Services have cut down prices by 80% because they fear that NSA’s revelations would turn their customers away. The losses were fairly marginal in reality. So, saying that the PRISM revelations would lead to an industry shift can be an exaggeration.
Similarly, companies are incorporating better security practices in order to protect customer data and live up to the trusts of their customers. They are implementing stronger encryption standards, larger keys, and complex hash algorithms to maintain the confidentiality and integrity of user data. Recently Yahoo has announced that it will enable default HTTPS encryption in its email service to keep the email messages private.
Under this situation, there are huge benefits for companies that provide client server security to protect customer data from government surveillance. Cloud startups whose prime goal is to secure their customer data will see a huge growth in their business in the near future.
SpiderOak Blue for Enterprises:
Finding a truly secure third party cloud service can be a challenge as many services on the market have security gaps that leave private data vulnerable to third party attacks. One cloud storage and sync service that sets itself apart is SpiderOak Blue. This service provides enterprises with a fully private cloud service featuring all of the benefits of cloud storage along with 100% data privacy. And for the average web user, SpiderOak offers the same protections with lower costs and smaller storage space. You can signup for this product now.
SpiderOak Blue protects sensitive enterprise data through two-factor password authentication and 256-bit AES encryption so that files and passwords stay private as unreadable blocks of data. Two-factor authentication is just like the process used by some financial services that require a PIN as an extra precaution along with a password in order to log in. With SpiderOak, enterprises that choose to use two-factor authentication must submit a private code through text along with their unique encrypted password. Authorized accounts can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices (SpiderOak never hosts any plaintext data). SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices.