We’ve all seen the massive move to cloud and the push by Microsoft to get us all there even more. What concerns me is the fact that the NSA has been saving every single thing we’ve been doing in the cloud for years already via its Prism Program, without our knowledge.
Once the internet giants have got us 100% online, what’s stopping them from pulling the plug on us unless we fork out ridiculous sums of money? There are thousands of companies all over the world apart from the billions of people all storing everything online. How do we protect ourselves if Microsoft, Google, Facebook, LinkedIn, WordPress, Youtube and friends join forces against us?
Damn. If this is true (see link), it will definitely influence my talks with customers about the Microsoft Cloud. And yes, Outlook.com is consumer focused and no word on Azure/o365 … but it won’t help us.
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
A valid point, but at the same time, if you look at the same scenario from a more everyday point of view… for example… it’s like you live in a village that has a number of grocery stores and you depend only on them: either buy from them or grow your own… now if all the stores join forces and charge a lot… certainly not everyone will be able to afford it and people will seek alternatives… maybe end up growing their own stuff, making the demand market go down, and hence suppliers are at risk… now the same is the case here… if they would in any way do this… they would be taking a huge risk with their business, as people who cannot afford it (which is going to be a lot) will find alternatives.
In short… I guess cloud has its pros and cons, but not from this perspective, as for them to join forces for money would mean losing out on people.
just a thought…
+1 for the posts by Seb and Maarten 🙂
For me security is about balancing the following;
- What is the likelihood that something will get out?
- What is the damage/consequence of it getting out?
- How much time and effort can I expend making sure it doesn’t get out?
- How will my efforts to prevent it getting out affect usability?
The revelations about PRISM and associated shenanigans obviously impact point number 1 the most, but what about the rest?
As for number 2, I’m not sure how much the NSA cares about my Office 365 account in all the petabytes of data they must have collected. I don’t feel like I have anything to hide*
Number 3 doesn’t change much as I’ve always assumed that once I moved to cloud, I could only control local security and since NSA/GCHQ can allegedly access pretty much what they want, it won’t help to move from one cloud vendor to another.
Number 4 stops me from leaving the cloud altogether. I could not afford to move my business back on premises now, but I can see that for companies who are hybrid or have not started with cloud yet, this gives them pause for thought.
I’m actually more worried about the 2nd or 3rd order effects of government data snooping, specifically the following;
- How secure are they? I don’t want evil hackers breaking into the government’s servers and stealing anything they can use for identity theft etc.
- * with reference to the earlier point about having nothing to hide… Can I trust the government not to move the goalposts? For example, let’s say that I made a comment online about hating cats. If it becomes a hate crime to speak out against cats, will this data be used to prosecute me?
In summary, barring the zombie apocalypse, cloud is here to stay, Big Brother *is* watching and there’s not a lot we can do about it apart from keeping a critical eye on how our governments behave and holding them to account.
Great additional point Maarten. Just because they are vacuuming everything up doesn’t mean they’re nosing through the dustbag…
Rackspace gave a great statement about their position: http://bigseb.me/11sPHBK
It’s from one of their legal folk, not a marketeer so it’s true as blue.
. .\Seb
Most media are writing complete nonsense about what the NSA (and other security agencies) are doing with online data. The PRISM program is about ‘data wiretapping’ and isn’t about ‘unlimited access to cloud storage from Google, Facebook or Microsoft’. So when it comes to PRISM it doesn’t matter if your data is in your own datacenter, hosted or at a cloud provider. If you remotely connect to the data over the internet it could be tapped. This is an article which does a great job explaining this.
The bigger the cloud provider, the more reputational damage (Stockholder value loss!) if they would give data to a government without good reason.
And yes, ‘online giants’ theoretically have the power to pull the plug, but they won’t use this power unless you have no choice. If they would use it without good reason it could be very bad for their reputation (lose customers and shareholder value). There are also more and more standards being created for ‘Cloud Export’ so we can easily move our data from one cloud to another (although it might take some years before this becomes mature).
I’m pretty sure the market will force Cloud providers to be good. We should be worried about our governments. There is one thing we should focus on: the rules and regulations that check if the ‘Security Agencies’ use their tools only to find terrorists or other bad people (and destroy all data when someone is not guilty). The thing we need to focus on is the quality of the feedback loop (just like putting real user advocates in your SharePoint project team;). If this system works (and your country isn’t run by a dictator;) surveillance tools like PRISM won’t be put to wrong use. Here is a good article on this topic.
There is one simple piece of advice: Encrypt your data with a sufficient algorithm (2048 bit +), keep the key on premises, and you can be pretty sure it won’t be read by others.