The leaking of classified documents detailing the data collection activities of the U.S. National Security Agency earlier this year reignited some long-standing concerns about the vulnerability of enterprise data stored in the cloud. But instead of scaring businesses away from using hosted services, as some experts predicted, the leaks about the NSA spy programs are driving some long overdue changes in enterprise and service provider security and privacy policies.
When Edward Snowden first began spilling details of the NSA's surveillance practices to selected reporters in June, industry analysts had expected that the revelations would put a severe crimp on plans for cloud deployment. For instance, the Information Technology & Innovation Foundation in August said the leaks could cause U.S. cloud providers to lose 10 percent to 20 percent of the foreign market to overseas competitors -- or up to $35 billion in potential sales through 2016.
[ InfoWorld presents the Bossies 2013, the best open source software for security, data centers, clouds, and more. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
Another industry group, the Cloud Security Alliance, predicted a similar backlash due to concerns by Europen companies that the U.S. government would access to their data. Six months later, the impact appears to be less severe than expected.
Despite some reports of slowing sales of cloud services by U.S. vendors to overseas companies, experts now expect that the Snowden leaks will have little effect on long-term sales. The business benefits of using cloud-based services continue to supersede enterprise fears of government snooping.
At the same time though, the detailing of classified NSA spy programs has prompted an increased emphasis on cloud data security and protection that's expected to grow further in 2014.
The leaks hammered home just how little control companies have over data stored in the cloud, said Richard Stiennon, principal at consulting firm IT-Harvest. "There is a fundamental shift to a zero-trust model in the cloud." The disclosures showed enterprises that "there cannot be any chink in the trust chain from internal resources to the cloud and back."
Analysys say IT security officials are looking at several key areas, such as data encryption, key management and data ownership, regionalization, and the need for increased government transparency, to improve cloud security.