Can you trust the cloud?

With more information being released about the extent of the NSA spying, can you really trust the cloud?

Clouds (SparkCBC, flickr)

In Michele Marius’ post last week, 5 takeaways from new allegations that the NSA infiltrated links to Yahoo, Google data centers worldwide, and as more and more information is released about the extent of the United States (US)-based National Security Agency (NSA) spying, more people are questioning the trustworthiness of cloud services. Considering that Google has featured prominently in much of the leaks about the spying, and that so many people who utilise their cloud services (me included), one has a right to wonder, how safe are cloud services?


 Cloud trends: the analysts speak

Leading IT advisory firm, Gartner, has predicted that cloud services will become the bulk of new IT spend by 2016, with nearly half of large enterprises having hybrid cloud deployments by the end of 2017.

Gartner also knows that the NSA scandal will be a challenge as companies ponder whether to adopt the cloud, especially companies in non-US countries, such as those in the Caribbean. A report (PDF) by the Information Technology & Innovation Foundation (ITIF) in August this year stated that PRISM (the NSA’s electronic surveillance and data mining programme that came under scrutiny a few months ago) could cause the US cloud computing industry to lose between USD 22 and USD 35 billion over the next three years. There is already some evidence of non-US companies cancelling contracts according to a report by the Financial Times.

Private leased lines not so private

The new information released now implies that you cannot trust your telecommunications service providers either, even if they say they are giving you “private” links. I, for one, never trusted private leased lines; I knew how easy it was to tap into those circuits, and am amazed though that Google and Yahoo had so much trust in those service providers, that they left their data unencrypted across those links.

What can we do?

With the new revelations, India and Brazil have lashed out, and are planning to put their own systems in place to prevent any foreign espionage. However, I am not surprised that no such anger is originating from our Caribbean countries.

Nevertheless, the circumstances do provide us with an opportunity to set up our own locally or regionally hosted and operated cloud services. I know of Fujitsu Caribbean offering locally hosted service in Trinidad, but there’s no reason that we cannot have a locally or regionally owned company providing those services. We, in the Caribbean, need to get our act together and tighten up our cyber-security, data protection and privacy legislation.

In the meantime, you should take steps to protect your own data. Choose carefully your cloud service providers and the data you want hosted there, encrypt your data being stored in the cloud, and please encrypt those private links using VPNs (Virtual Private Networks) or encryptors.


Image credit:  SparkCBC/flickr