NSA Revelations Rattle The Cloud Market: What Are You Doing To Calm Customers' Fears?


This report originally appeared on the CRN Tech News App for iOS and Windows 8.

The revelations over the extent of the National Security Agency's surveillance program have spurred businesses to ask more questions about the security of their cloud-based data. And the questions are now a whole lot more pointed.

Cloud solution providers say the fallout associated with the steady barrage of news associated with the NSA documents leaked by government contractor and former CIA employee Edward Snowden is difficult to predict. But they also say that their first step is to ensure a level of trust with their cloud customers.

According to a report in early September from The Guardian, the documents revealed that both the NSA and its U.K. counterpart, the GCHQ, compromised virtually all security measures used by Internet companies to protect communications, financial and health data. The report also stated that the NSA spent roughly $250 million to "covertly influence" product designs of private security technology vendors, which included such tactics as inserting secret vulnerabilities and back-door access points into commercial security software.

[Related: RSA Toolkit Warning: Experts Say Developers Better Shut The Door]

That news was just the latest in a string of revelations about the NSA's domestic surveillance program through leaked documents Snowden provided to the press. Previous reports included revelations about the U.S. government's ability to obtain telephone records without a warrant and the eye-opening Prism program, a secret initiative that gives the NSA direct access to the internal systems of companies such as Microsoft, Google, Facebook and Apple.

The scope of the government's surveillance program is still being understood, said Edison Peres, senior vice president, worldwide channels at Cisco Systems, San Jose, Calif. There won't be a rush away from cloud providers, he said, but interest in building private clouds has been growing and should continue to grow.

"There's a lot of work being done as it relates to building out private clouds. That's where a lot of opportunity is today," Peres said. "You need to be able to talk to your customers about what makes the most sense. If you cannot be in that conversation because you don't carry it, white-label it or support it, then you might not have the same credibility that the customers might need from partners going forward."

The NSA revelations have made it imperative for solution providers to be better informed about the SaaS-based solutions and cloud options they offer, said Eric Hart, co-owner and operations manager at Network Performance Inc., a South Burlington, Vt., provider of networking and security technologies.

The differences in cloud architectures need to be clearly laid out and an assessment made to determine the best fit for the client's needs, Hart said. In many cases, a company's most valuable intellectual property will be kept locked down behind the company firewall, he said.

"Honestly, our customers are not super-educated on the technical aspects of this stuff and they tell me that they really have nothing to hide," Hart said. "As this unwinds it will have some impact and eyebrows will be raised, but we'll just have to continue to have a conversation with customers."

NEXT: Hindering Cloud Adoption, Hurting Cloud Provider's Revenue