Posted by Kalyani M. on Aug 21, 2013
By now just about everyone that uses the internet knows about Edward Snowden and the leaks on the NSA’s controversial PRISM citizen surveillance program. According to Snowden’s leaks, the PRISM program is the National Security Agency’s ongoing collection of citizen data from U.S. tech companies for alleged counter-terrorism intelligence. News of the program has made international headlines for weeks and U.S. cloud companies and associated technology businesses fear a severe drop in international business due to security concerns. But with a private cloud service that encrypts data, doesn’t host encryption keys, and never stores plaintext, American companies, citizens, and international consumers can all still take advantage of U.S. technological innovations.
A survey of European companies conducted by the Information technology and Innovation Foundation, shows a surge of distrust in American cloud companies. According to the survey’s author, Daniel Castro, U.S. cloud companies could lose up to 20% of the market share to international rivals. Of the survey’s respondents 56% would be unlikely to contract a U.S. cloud service in the future while 10% had already cancelled projects with U.S. cloud providers out of NSA concerns. Inside the U.S., 36% of respondents claimed that news of the program has “made it more difficult” to conduct international business. The fallout is projected to cost American tech companies up to $35 billion in lost international contracts in the next three years.
Overseas, competitors are relishing the scandal, which has shown to be incredibly profitable for them. Simon Wardley, an executive at the British think-tank the Leading Edge Forum, wrote on his blog, “Do I like Prism … yes, and god bless America and the NSA for handing this golden opportunity to us… Do I think we should be prepared to go the whole hog, ban US services and create a €100bn investment fund for small tech startups in Europe to boost the market … oh yes, without hesitation.” And according to chairman of the ANS Group, Scott Fletcher, “People in the UK have been reticent for a while about putting data into the US because of the Patriot Act, which means the government there can pretty much get access to everything. Prism has put into peoples’ minds that there might be co-operation in the UK with that. People talk to us and want their own private cloud service, because they know we don’t have that sort of relationship with the government. They want all the services to be based in the UK, rather than using Google or Amazon Web Services.” Despite the common presence of governmental monitoring around the globe, such companies are capitalizing as best as they can on the recent scandal, even though many clouds in the UK and Europe are less secure than some of their American counterparts.
One way to try to address the scandal is through instituting a cloud security certification program for all cloud service providers. This is project is currently underway through the united efforts of the Cloud Security Alliance and the British Standards Institute. Through expanding the CSA’s STAR program this fall the organizations seek to set an international standard for data security. CSA’s executive director, Jim Reavis, explained the project further, “The CSA programmer is self-certified, while the BSI will have assessors who will scrutinize vendors’ practices once a year and issue a certificate.” But even if such standards and certifications are put in place, getting companies to adopt them will be a challenge. Rather than waiting around for potential certification programs to gain popularity, enterprises should rely on storing data to cloud providers that offer strong data encryption and user anonymity. That way, even in the case of cracking by the NSA, all they would be able to see is unreadable blocks of encrypted data, thus guaranteeing true privacy in an age of online insecurity.
Protection from PRISM
For many enterprises, finding a truly protected third party cloud service can be a challenge as many “secure” services on the market have security gaps that leave private corporate and consumer data wide open to third party attacks and even governmental spying, in the light of the ongoing NSA PRISM scandal. One cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak Blue. This service provides enterprises with fully private cloud storage and sync, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak Blue is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server.
SpiderOak protects sensitive enterprise data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, consumers can rest easy knowing that their data is truly protected and brands can gain diehard customer loyalty by publically securing consumer information. SpiderOak Blue’s cross-platform private cloud services are available for enterprises on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and a mobile workforce.