Edward Snowden’s revelations of sophisticated NSA spying have made many senior IT staff distinctly edgy about their use of the cloud with nine out of teen now paying close attention to the location of stored data, a survey of global attitudes has found.
Teasing out the effect of Snowden on IT teams that are already cagey about the immaturity of the cloud is no mean feat. Have his revelations changed behaviour on the ground?
In NSA Aftershocks, NTT Communications found that nine out of ten of the 1,000 decision makers it asked in the UK, US, Hong Kong, France and Germany believed that Snowden has had some effect on their approach to the cloud.
In just over half of cases, more attention was being paid to where data was stored geographically, with just under half carrying out more due diligence on cloud projects. Around 35 percent said they’d changed their procurement policies for cloud providers with 62 percent stating that the revelations had stopped them from moving ICT into the cloud.
So Snowden is affecting behaviour on the ground, but it’s still not clear whether some of this isn’t natural wariness as people get to grips with the inevitable risks of using remote cloud providers.
For instance, 97 percent of respondents said they preferred data to be kept within their own region, something that is particularly true for EU enterprises. But this is as likely to be driven by data sovereignty and compliance worries; even without Snowden this would have been an issue and it could just be that the reality of the NSA's capabilities has brought home the need to justify security procedures.
The view of some vendors is that encryption can be used to enforce data security but this is not easy to implement to the degree necessary to stop surveillance. It is also expensive and comes with a performance overhead.
Medium term, provider security is still likely to become a selling point.
“ICT decision-makers have been quick to learn from the current crisis and now understand how to scrutinise providers. Those suppliers that can live up to the increased demands for data integrity, governance and security will find success in the post-Snowden world,” noted NTT Communications’ authors.
If Snowden has caused more questions to be asked and killed a few assumptions, perhaps this will still benefit the industry. Alternatively, it will help create winners and losers with US firms coming under more scrutiny than previously.