Thales Blog

In Cloud We Trust? The PRISM Effect On The Future Of Cloud-computing

November 12, 2013

Screen Shot 2013-11-12 at 8.31.22 AM

It’s hard to believe that just a few months ago we were all oblivious to the US NSA’s surveillance system, PRISM. It’s now commonplace to read about how the programme has been collecting and storing huge swathes of data – including information pertaining to individuals and organisations resident beyond US shores.

The revelation that surveillance was allegedly happening in foreign countries has put the EU in a difficult position, not least for diplomatic reasons. Perhaps more interesting, though, is the number of high-profile technology companies that have understandably waded into the fray in recent weeks – claiming that the government’s activity undermines their customers’ confidence and by proxy, has taken its toll on their hard earned bottom-line.

From the cloud-computing perspective, the industry consensus is that this damaged trust will cost US-based providers of hosting services tens of billions of dollars internationally. While Europe’s digital chief, Neelie Kroes has wasted no time in claiming that the PRISM scandal has presented an opportunity for Europe to become the world’s leading “trusted cloud region” – EU providers will not emerge unscathed. It’s clear from conversations that I’m having with customers that the revelations on the whole have aggravated their security and data sovereignty concerns about information they hold in cloud environments.

While tales of espionage and bugged embassies continue to distract, like plot of an intricate John Le Carré novel, here at Vormetric we still advocate that for any organisation looking to quell their data privacy concerns and make the most of what cloud-computing has to offer, businesses need to start by protecting the data first. After all, data doesn’t come with its own in-built defences. Locking down data with sophisticated encryption, and buffering it with granular access controls, means that wherever your data resides (or ends up residing) – in physical, virtual or cloud environments – you still have absolute control over it. What’s more, it’s also rendered total gibberish to anyone not authorised to read it.

Equally, I suggest you return to your cloud computing contracts – examine their contents and ensure that you understand what security processes your cloud provider has in place to secure their environment.