Cloudy with a Chance of Espionage

cloudyespionageIt was the best of times, it was the worst of times…  2013 was like that for the cloud.  As the increasingly intimidating list of United States domestic spying allegations continues to mount, cases of second thoughts in Cloud City are rising.  The seemingly unstoppable revolution toward global data accessibility is now facing the same obstacle that has hampered ownership and non-digital interchange since forever:  national borders.  With the Sarlacc’s share of cloud providers in the very same country plagued with the most disturbing revelations about the illusion of data security, there’s a bit of a problem.  Not surprisingly, the Lando’s of information enterprises are decrying that was never a condition of our agreement.  So far, the response has been more or less expected.  Perhaps you think you’re being treated unfairly?

For SMB, the financial implications of the cloud are so compelling that they can’t possibly rationalize getting off the wagon, even if NSA agents started to bring in bounty hunters, trash their droids, and freeze various people in carbonite.  For the sake of national security, of course.  Larger enterprises however, aiming to protect a larger legacy of IP, are not quite so convinced.  I’ve touched on this topic before in Cloudy with a Chance of Security, where both hybrid and fully private clouds offer additional, yet significantly costlier options.  Make the target client an enterprise in Europe, and careful thinkers are likely wondering if it’s time to start raging like a Wookie.

Jos Voskuil, accomplished PLM blogger and consultant, made the point rather succinctly in a recent LinkedIn discussion:

“The absolute focus on cloud worries me a little as a European. Perhaps not in the US, but here in Europe there are significant concerns about IP theft or data loss combined with liability of the cloud provider.  As most cloud providers are US based, it seems hard to get a 100 percent guarantee your data is not touched by others.  US laws related to homeland security allow every US intervention possible.  So “ancient Europe” is holding back on cloud solutions.”

He’s definitely not alone in his concerns, though many would argue that a 100% guarantee of any sort of security is a hypothetical ideal, and never a reality.  This deal is getting worse all the time!

A  Global Post article certainly adds Ewoks to the fire:

“Brazil has announced its intention to route all regional internet traffic locally and set up a secure national email service. EU officials have called for a “European data cloud” that would store data exclusively on the continent.  In July, 10 percent of respondents outside the US said that they had cancelled a project with a US-based cloud computing provider since the NSA program came to light, in a survey conducted by the Cloud Security Alliance, a trade group.”

A contributing factor is that The Cloud isn’t quite so lofty and disconnected as the name suggests.  In fact, according to recent Gartner Reports, Amazon Web Services (AWS) is far and away the market leader.  No one else currently comes close.  So really, we probably should call it The Amazon.  Or perhaps The Bezos.  Guess who else uses The Amazon?  Well, the CIA for one.  Naturally, the trend is to seek alternatives to The Amazon by seeding clouds over more amenable national borders.

As much as security and government surveillance presents a mounting concern for the established cloud providers, the situation seems to be providing an unprecedented opportunity for cloud providers outside US borders.  Or is it?  From the same Global Post article:

“A 2012 market research report noted that most European countries have anti-terror legislation or other laws in place that give governments access to users’ data, even in countries with strict privacy regulations.  In most cases, the authors noted, the government had the power to access data stored outside the country’s borders.”

I suspect at least a couple of countries in the EU are guilty of the same intervention as seen in the US; they just don’t happen to have their own equivalent of Edward Snowden, yet.  So the point may be a moot, though disturbing one.  Despite all the obvious drama, expect enterprise to continue to flock towards The Amazon.  Some might argue that true IT security has always been an illusion, and that at the end of the day the practicality and bottom line of the everyday business will dictate moving on.  Think of it this way: how many of you have ditched your Google accounts?  That’s what I thought.