There is already evidence that the NSA performs upstream traffic interception on the networks of high-level ISPs that operate Internet backbone infrastructure, as shown by the case of Room 641A, an NSA Internet traffic interception facility in an AT&T building in San Francisco whose existence was exposed in 2006.
"We have no idea what the NSA can do," Green said. "However it's reasonable to assume that even if they can break modern encryption schemes -- a pretty big assumption -- it's going to be pretty expensive for them to do so. That rules out massive non-targeted eavesdropping on encrypted connections."
The feasibility of breaking SSL encryption is also determined by the different configurations in which the protocol can be used. For example, the Diffie-Hellman -- DHE and ECDHE -- configurations of SSL are much more difficult to tap than the RSA configuration, Green said.
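As an added illustration (not code from the article or from the people quoted), the following Python script audits a server's cipher-suite preference list for the distinction Green draws: suites whose key exchange is ephemeral (DHE/ECDHE, including all TLS 1.3 suites) versus suites where the session key is encrypted to the server's long-term RSA key, so that recorded traffic becomes readable to anyone who later obtains that key. The suite names in `SAMPLE` are a constructed list, not taken from any real server.

```python
"""Constructed example: audit a TLS cipher-suite list for forward secrecy.
RSA key exchange encrypts the premaster secret to the server's long-term
key, so recorded traffic falls to whoever later obtains that key; (EC)DHE
suites derive session keys from per-connection ephemeral values instead."""
import re

# Key-exchange tokens as they appear in IANA (TLS_ECDHE_RSA_WITH_...) and
# OpenSSL (ECDHE-RSA-...) suite names; EDH is OpenSSL's older name for DHE.
EPHEMERAL = {"ECDHE", "DHE", "EDH"}
STATIC = {"RSA", "ECDH", "DH"}

def key_exchange(suite):
    """Classify one suite name as 'ephemeral', 'static' or 'unknown'."""
    if suite.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return "ephemeral"  # TLS 1.3 suites always negotiate (EC)DHE
    tokens = re.split(r"[-_]", suite.upper())
    kex = tokens[1:] if tokens[0] == "TLS" else tokens  # drop IANA prefix
    if EPHEMERAL & set(kex):
        return "ephemeral"
    if kex[0] in STATIC:
        return "static"
    # OpenSSL omits the prefix entirely for plain RSA key exchange,
    # e.g. AES128-GCM-SHA256.
    if kex[0].startswith(("AES", "CAMELLIA", "DES", "RC4", "SEED")):
        return "static"
    return "unknown"

def forward_secret_only(suites):
    """Drop every suite whose session keys a stolen long-term key would unlock."""
    return [s for s in suites if key_exchange(s) == "ephemeral"]

# Constructed server preference list mixing IANA- and OpenSSL-style names.
SAMPLE = [
    "TLS_AES_256_GCM_SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "AES128-GCM-SHA256",                  # plain RSA key exchange
    "TLS_RSA_WITH_AES_128_CBC_SHA",       # plain RSA key exchange
    "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",  # static ECDH: no forward secrecy
]

if __name__ == "__main__":
    for suite in SAMPLE:
        print(f"{key_exchange(suite):9} {suite}")
    print("forward-secret subset:", forward_secret_only(SAMPLE))
```

The same classifier can be run over the names returned by `ssl.create_default_context().get_ciphers()` to see which of the suites a local OpenSSL build would offer lack forward secrecy.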
In order for encryption to completely prevent unwanted surveillance, the data must be encrypted throughout its life, said Dwayne Melancon, chief technology officer of IT security firm Tripwire, via email. "If it is in the clear at any point (at rest, in use, or in motion) it could potentially be accessed by others without credentials."
This means that data needs to remain encrypted not only as it travels across the global Internet and passes through routers and servers in different jurisdictions, but also while it's used in real time by applications, as well as when stored for backup purposes.
Ensuring that the private keys used to encrypt the data remain secret at all times is paramount. That's not easy to do when running live applications and hosting databases on cloud servers or when relying on other cloud services.
"If an organization relies on the cloud service provider [CSP] for encryption, the CSP holds the encryption keys," said Steve Weis, chief technology officer at PrivateCore, a company that develops technology for encrypting data during program execution, via email. "The organization has no knowledge or control when someone lawfully attempts to access encrypted data. The organization is blind."
Companies should adopt a "trust no one" model for the management of encryption keys, Melancon said. Private keys should not be shared with anyone else, especially third-party service providers, he said.
Even though there are technologies available that can enable the safe use of encryption when cloud servers are involved, getting everything right and ensuring that there are no errors in the overall implementation can require a lot of resources.
"It can be done, but it takes a lot of forethought, a lot of effort, and the use of true end-to-end encryption will increase your costs," Melancon said. "It may also require you to rewrite applications, or switch providers in order to handle all aspects of end-to-end encryption."
Given that the NSA's primary mission is the gathering of foreign intelligence, companies that are not based in the U.S. should probably be even more concerned about the recent revelations regarding the agency's surveillance efforts.
"If you're a European company dealing in sensitive corporate data, I think you'd be crazy to use a U.S. cloud service," Green said. However, that won't stop companies from doing it, he said.
"A big part of the political scandal in the USA right now is the fact that the NSA is spying on Americans," said Zooko Wilcox-O'Hearn, co-founder of the Tahoe-LAFS project, a distributed, fault-tolerant and encrypted cloud storage system. "However, absent evidence to the contrary, I would assume that the NSA is at least as effective at spying on data in European and other locales as in American locales."