US cloud service providers could suffer loss of business following the revelations about the US National Security Agency's Prism surveillance system.
According to a report by the Guardian, European Commission vice president Neelie Kroes said that European businesses are likely to abandon the services of American providers that could suffer a significant loss of business if clients fear the security of their material is under threat.
She said: “If businesses or governments think they might be spied on, they will have less reason to trust cloud, and it will be cloud providers who ultimately miss out. Why would you pay someone else to hold your commercial or other secrets if you suspect or know they are being shared against your wishes?
“It is often American providers that will miss out, because they are often the leaders in cloud services. If European cloud customers cannot trust the United States government, then maybe they won't trust US cloud providers either. If I am right, there are multi-billion euro consequences for American companies. If I were an American cloud provider, I would be quite frustrated with my government right now.”
Speaking to SC Magazine recently, a European corporate information manager at engineering and project management firm called on vendors that use the cloud to offer services that were not solely based in the US due to the Patriot Act.
Amar Singh, CISO of News International and chair of the ISACA Security Advisory Group, said: “Regardless of where you are - you could be anywhere on the planet - if you don't want anyone to look at your data and you don't encrypt it, you have no assurance it is safe from prying eyes.
“If you don't encrypt data, it is always open. More importantly, you need to hold the keys to your encrypted data.”
Dave Anderson, senior director at Voltage Security, said: “In general, the issue at hand is the ability to protect sensitive information from exposure, regardless of whether the exposure is caused by a malicious act, an inadvertent slip, a surveillance operation or a failure of protective controls or processes.
“Any sensitive information including financials, customer and employee data, or intellectual property should be protected across the entire lifecycle of that data, and loss or exposure of this data can result in compliance or regulatory fines, loss of brand and reputation and, as the recent events further validate, a loss of privacy around how we communicate and the content of those communications.
“This will become even more critical as organisations move to the cloud, and increase their awareness of how to best protect themselves from the impact of these types of surveillance and breach activities. The benefits of moving to the cloud are dynamic. Companies are not going to move away from this and will continue to look for ways to leverage the cloud to support current business processes, as well as identifying new customer initiatives through the cloud that will make them more competitive.
“The ability to properly protect their data from exposure and surveillance, while simultaneously leveraging the cloud, is the true key to competitiveness moving forward.”