The issue of deploying and managing a cloud across international borders is highlighted by the Edward Snowden incident, which revealed extensive government surveillance through the PRISM initiative -- heightening paranoia that any data hosted in the cloud is increasingly at risk of this type of snooping.
However, is this paranoia valid? And if so, what are the best practices for securing your information in an age of cloud across borders? While the world is still in its early days of coping with cloud governance, what is more immediately clear is the role cloud providers and security technologies will play in meeting this evolving challenge.
What we can see, therefore, is this is a sweeping and all-encompassing personal privacy issue that touches many different technologies, not just cloud computing.
Information privacy and the cloud
In light of these incidents, IT pros and enterprises must determine if these privacy threats are somehow uniquely relevant to the cloud, especially if hosted in the U.S. The perceived fear of these risks alone drives market demand outside of the U.S., causing a ripple effect that could hammer the U.S. cloud hosting industry.
Canada, and similarly in other countries, has promoted this situation as an opportunity to become the "Switzerland of the cloud" by offering a safe harbor for customers concerned about the threat of snooping by the U.S. government. But is that actually possible in Canada or elsewhere?
According to the Toronto Star, because of the telecommunications network structure in North America, Canadian traffic is routed through the U.S. anyway. Therefore, it's subject to eavesdropping -- long before enterprises move any data to the cloud or use cloud apps.
Similarly, if you think your data privacy is intact because you aren't located in North America, consider your own government. Canada, for example, has its own surveillance issues, and it's likely that most other governments will have similar spies and monitoring programs.
The role of cloud service providers in cloud privacy
What we can see, therefore, is that this is a sweeping and all-encompassing personal privacy issue that touches many different technologies, not just cloud computing. As we look at commercial issues, it starts to become more supplier- and technology-centric. Hand-in-hand with these fears come concerns about what rights we hand over to commercial cloud service providers and service-level agreement terms and conditions.
For example, as The Guardian reports, Microsoft cooperated with the National Security Agency to provide access to its secured emails, and recently there has been an uproar over perceived abuse of consumer privacy rights by Google.
This boils down to key issues, such as the terms for protecting our privacy that we agree to with cloud providers and how they implement those terms, the legal mechanisms to call upon for these actions and, ultimately, the extent to which we allow governments the power to conduct this extent of eavesdropping.
Learn about the 'mother of invention' for the cloud privacy industry in part two.
About the author:
Neil McEvoy is the founder and CEO of CloudBestPractices.net and a 20-year veteran entrepreneur in the field of cloud computing and multi-tenant software architecture business models. Neil has a track record of launching cloud computing products and startup ventures, and he specializes in enterprise cloud computing -- business transformation best practices for larger organizations.