We’ve all seen the massive move to cloud and push by Microsoft to get us all there even more. What concerns me is the fact that the NSA has been saving every single thing we’ve been doing in the cloud for years already via its Prism Program, without our knowledge.
Once the internet giants have got us 100% online, what’s stopping them from pulling the plug on us unless we fork out ridiculous sums of money? There are thousands of companies all over the world apart from the billions of people all storing everything online. How do we protect ourselves if Microsoft, Google, Facebook, LinkedIn, WordPress, YouTube and friends join forces against us?
Most media are writing complete nonsense about what the NSA (and other security agencies) are doing with online data. The PRISM program is about ‘data wiretapping’ and isn’t about ‘unlimited access to cloud storage from Google, Facebook or Microsoft’. So when it comes to PRISM it doesn’t matter if your data is in your own datacenter, hosted or at a cloud provider. If you remotely connect to the data over the internet it could be tapped. This is an article which does a great job explaining this.
The bigger the cloud provider, the more reputational damage (Stockholder value loss!) if they would give data to a government without good reason.
And yes, ‘online giants’ theoretically have the power to pull the plug, but they won’t use this power unless you have no choice. If they would use it without good reason it could be very bad for their reputation (lose customers and shareholder value). There are also more and more standards being created for ‘Cloud Export’ so we can easily move our data from one cloud to another (although it might take some years before this becomes mature).
I’m pretty sure the market will force Cloud providers to be good. We should be worried about our governments. There is one thing we should focus on: the rules and regulations that check if the ‘Security Agencies’ use their tools only to find terrorists or other bad people (and destroy all data when someone is not guilty). The thing we need to focus on is the quality of the feedback loop (just like putting real user advocates in your SharePoint project team;). If this system works (and your country isn’t run by a dictator;) surveillance tools like PRISM won’t be put to wrong use. Here is a good article on this topic.
There is one simple piece of advice: Encrypt your data with a sufficient algorithm (2048 bit +), keep the key on premises, and you can be pretty sure it won’t be read by others.