When Edward Snowden ripped open the curtain and began revealing details of the NSA's data vacuuming, IT analysts warned that an unintended consequence of the program was a huge blow to the credibility of U.S. cloud providers. After all, they asked, why would anyone who cares about the security of their data put it someplace where government snoops could access it?
At the time, the ITIF (Information Technology & Innovation Foundation) published a prediction that the U.S. cloud computing industry stood to lose as much as $35 billion by 2016. James Staten, a veteran Forrester Research analyst, suggested that the ITIF might be too low, saying the hit could be as high as $180 billion, or 25 percent of overall IT service provider revenues.
[ When in China or Russia, here's why you shouldn't leave your laptop alone. | The troublesome world of corporate and government spying revealed by Edward Snowden. | Get a digest of the key stories each day in the InfoWorld Daily newsletter. ]
Nearly a year later, it appears that those fears were in fact justified, but not to the degree predicted. For example, Cisco Systems admitted during its recent earnings call that it has lost offshore business due to fears of NSA spying, and that recent RFPs (requests for proposals) from customers have explicitly excluded U.S. cloud providers as an option for Cisco to consider. Cisco's CEO attributed some of its weak European results to fears related to spying, but he declined to quantify the losses and in a later interview with the New York Times said that the NSA disclosures had not affected Cisco's sales "in a major way."
Meanwhile IBM is spending $1.2 billion to build more secure cloud data centers abroad in an attempt to placate nervous foreign customers.
When he predicted a possible loss of $180 billion in business for U.S. cloud providers, "I was explicitly painting the worst case," Staten told me this week. "The numbers could well be lower. Right now, there's not enough evidence to support a doomsday scenario."
U.S cloud providers find foreign customers are suddenly not so interested in them
But there's no question there's been damage to those providers, such as Amazon Web Services, Google, Microsoft, Rackspace, and Salesforce.com. Like other businesses, IT companies are quick to boast about wins and much slower to tell the world about losses, so it's not easy to be very specific about the real extent of the NSA's effect on cloud providers. But it certainly is real.
"I do get a lot of questions about hosting services outside the U.S., particularly from Canada," says Gartner analyst Ed Anderson. A recent IDG News survey showed that North American and European companies are being more cautious about using U.S. cloud providers and are paying more attention to their security arrangements.
Offshore providers are taking advantage of mistrust engendered by the NSA. But the natural evolution of the cloud business made the rise of non-U.S. providers inevitable, Anderson says. "It's likely that the NSA revelations sped up a process that was going to occur on its own, and some of what you hear from foreign providers is chest thumping by companies trying to steal business from U.S. providers." The NSA scandal makes it easier to do so.
Forrester's Staten was recently briefed by a large French retailer and a major German manufacturer that were putting out RFPs that pointedly did not include U.S. companies that normally would have been strong candidates, he says. Even so, the companies did not explicitly say that security fears were the reason, which is why Forrester is now conducting a study that Staten hopes will allow it to quantify the actual losses caused by the NSA's program.