Explosive revelations in the past six months about the U.S. government's massive cyber-spying activities have spooked individuals, rankled politicians and enraged privacy watchdogs, but top IT executives aren't panicking -- yet.
So far, they are monitoring the issue, getting informed and taking steps to mitigate their risk in various ways. But the alarming reports haven't prompted them to roll back their decisions to host applications and data in the cloud.
[ Also on InfoWorld: NSA spying scandal accelerating China's push to favor local tech vendors. | Stay on top of the state of the cloud with the "Cloud Computing Deep Dive" special report. Download it today! | Also check out our "Private Cloud Deep Dive," our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]
That's the consensus from about 20 high-ranking IT executives interviewed in North America and Europe about the effect that the U.S. National Security Agency's snooping practices have had on their cloud computing strategy. The news broke in June, after former NSA contractor Edward Snowden began leaking the earth-shaking secrets to the media.
Many of the IT executives interviewed say that they're not thrilled with the situation, and that it has made them more careful about cloud computing plans and deployments, prompting them to review agreements with vendors, double-check best practices and tighten security controls.
However, these IT executives haven't been completely surprised by the revelations. Whether by overt means or through covert operations, it's well known that governments engage in surveillance of telecommunications and Internet traffic.
"Government surveillance hasn't changed our opinion about cloud computing. The cloud model is attractive to us, and I was never that naive to think that this type of government monitoring wasn't going on," said Kent Fuller, director of enterprise infrastructure services at BCBG MaxAzria Group, a Los Angeles-based women's fashion designer and seller that uses Microsoft's Office 365 public cloud suite primarily for employee email.
Stealthy monitoring of computer systems and communications by governments currently doesn't rank among the top IT security concerns for many IT leaders. "Every CIO will tell you we worry every minute of every day about security, privacy, redundancy, operational continuity, disaster recovery and the like," said Michael Heim, Whirlpool's corporate vice president and global CIO. "We're probably the most paranoid guys on the planet."
Jacques Marzin, director of Disic, France's interministerial IT and communications directorate, said the NSA scandal confirmed the known risks associated with the use of public cloud services. "We are of course concerned about any third party access to our data although we have limited usage of public clouds," he said.
However, having everything behind the firewall also carries risks. CIOs worry about the cost and complexity of running servers on their own premises and the potential loss of competitiveness if rivals are taking advantage of the benefits of cloud computing.