Protecting the US Cloud Industry and their Customers

You are probably, at least to some extent, aware of the controversy surrounding the now infamous online surveillance program run by a number of government agencies in the US and abroad. Almost on a weekly basis more information and details about the program are being leaked to the media. The revelations regarding the massive scope and span of the programs have raised concerns among two main groups.

The first group which includes a broad array of tech enthusiasts, human rights organizations and civil liberties advocates are up in arms about what can be considered a gross violation of individuals’ right to privacy on a massive state-sanctioned scale. They have filed petitions, lawsuits and organized protests. Even the US congress has held several hearings and opened inquiries into these programs and the agencies in charge.

The second group, which I would categorize as commercial interests, is those involved in the business of Internet: Big data, cloud, hosting, XaaS, etc. Cloud service providers, based in the US, are dealing with the ethical consequences of an outpouring of leaks regarding their government’s direct and unlimited access to customer data stored in their formerly considered secure data center. This begs the question, will customers, particularly foreign customers with strict regulations regarding privacy and security of data, trust the cloud service provider again? It’s debatable what the impact would be but one particular study claims that US Cloud Computing industry stands to lose as much as $35 billion over the next three years as a direct result of newfound concerns over data and network security.

So what options exist for cloud providers and consumers to alleviate this situation? For the distraught cloud CEO and his company, good PR and a reinforced privacy policy might help. On the technology side, the basic principles of data encryption are still valid. Of the three main components of a data encryption system (data, encryption engine and key manager) leave key management and, if possible, the encryption engine (client side encryption) in your customers’ hands.  This way, customers are protected against potential “rouge administrators” and the business is protected against demands to reveal customer data. After all, you can’t unlock a door you are not holding the keys too. On the flip side, if you happen to be a concerned consumer of cloud services, look for providers who use products and technologies that give you control over encryption keys and allow you to keep them separate from the data and on-premise rather than in the cloud.

Previous Post
UEFI Summerfest 2013
Next Post
The End of Trust?

Related Posts

It’s Time for a Better IaaS Security Solution

Earlier this month, WinMagic announced the general availability of the new security software solution that provides full enterprise controlled key management and encryption for virtual works load running in public and private IaaS environments, SecureDoc CloudVM. (more…)
Enterprise Encryption for Linux

Enterprise Encryption for Linux

Linux has built in encryption for several years now, yet enterprises still struggle with encryption on Linux laptops.  Why is that? To answer this question, let’s first review the disk encryption capabilities that are built into Linux: (more…)

A new year, same mistakes

It’s 2013 and everything old is new again. It’s 10 days into the year and so far we’ve heard about at least two key data thefts and a summary penalty for exposing personal health info in the U.S. (more…)
Read more

Hidden Benefits of Encryption for Legal Services

Lately we have noticed a growing interest for encryption and data security in the legal services industry. Legal services face a similar challenge as other verticals with the need to protect corporate assets being shared through multiple devices and portals.…
Read more

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu