Security and privacy has already been the top concern for major companies in adopting cloud computing. National Security Agency (NSA) and their PRISM surveillance program have turned out to be a nail in the coffin. Strange enough, all the big names of cloud technology like Amazon, Rackspace and Salesforce are missing from the list of 9 NSA-subservient companies. Yet, the revelations from famed whistleblower Edward Snowden have raised some serious questions about the present and future of cloud security.
How PRISM And Public Cloud Are Related:
It will be needless to describe the thirty-year-old intelligence program which was given a new life after Protect America Act of 2007 and by the FISA Amendments Act of 2008. Though telephone conversations, emails and other communications are known to be monitored, public clouds seem to be in the grey area. David Linthicum, senior vice president at Cloud Technology Partners and writer at InfoWorld, believes lack of connection between NSA and cloud computing. Yet, it is a normal perception by the term ‘public’ that it is available for everyone.
The problem is international citizens are more at risk than US residents. In fact, the program is actually aimed towards international surveillance. Also, UK has its own program code-named Tempora which is believed to collect data from fiber-optic cables. All of this will have a long-term effect on the public cloud computing.
Is It Possible To Remain Safe?
Steven J. Vaughan of ZDNet has given 6 worth reading tips on protecting yourself from NSA. These tips include not using any instant messaging service and quitting every social network. Cloud computing has been the top of the list, though Vaughan believes that NSA might not be directly getting information from the data centers of Amazon and Google. However, they may be getting it through ISPs. The fact is PRISM program might be getting more information about you, your company and your customers from social media and other cloud-based apps you normally use. Public clouds seem to be in the secondary list for ‘data spooking’.
What Companies Have To Say?
Soon after the first news of PRISM surfaced, all major companies like Google and Microsoft denied providing direct access to their servers. Yet they all agreed that they have been providing the information on the basis of government warrants and court orders. There had been serious concerns internationally as countries like Egypt and India are in the top 5 in NSA’s surveillance list.
Amazon is somewhat in the most sensitive position. The cloud company not just has the largest share in public cloud, but has also managed to get a bid to build cloud environment for CIA. Both Amazon and Rackspace while discussing data security agreed not to adhere any government request if it is not on-par with the Fourth Amendment and related laws.
What Are The Possible Solutions?
There are some possible solutions that can protect your data while even being at public cloud.
Encrypt Your Data: Encryption has even been recommended by Amazon. It adds a security layer over your data and makes it highly difficult if not impossible to decipher the text.
Go for Hybrid Solutions: David Linthicum believes that if government wants your data it will come after it even it’s in your closet or cloud. If you want to protect your sensitive data, we recommend that you deploy a private cloud infrastructure parallel to a public one.
Find Cloud Heavens: It was expected and it’s happening. Washington Post revealed that companies are now more interested in storing data in the cold environment of Switzerland. Companies all over the world are now looking for regional cloud hosting with stricter laws. Amazon and other big cloud names are also building offshore datacenters to provide alternative for enterprises who wish to stay away from surveillance programs like PRISM and Tempora.
Only time will tell how PRISM will affect cloud services market. Analysts and market data today point to a sunny day tomorrow, with cloud services providers observing a growth of 56% in Q1, 2013.