NSA Snooping Likely to Damage U.S. Cloud Services Industry: Studies
Fueled by protectionism and worries over U.S. surveillance, companies in other nations may spurn American cloud services and could shrink the U.S. industry's revenues by up to one-quarter, according to two worst-case analyses of the impact of recent revelations of rampant data collection by the National Security Agency.
The analyses—conducted by the Information Technology and Innovation Foundation (ITIF) and Forrester Research—predicted that U.S. cloud companies could face slower demand by as much as $35 billion over three years if the backlash against the NSA materializes as predicted. Forrester's analysis expanded the number to $80 billion and added another $100 billion from U.S. managed-service providers that will likely face similar discrimination.
"Where they have cared, companies have been avoiding using U.S. service providers. There may be some, who have said, how much risk is there? And those are the ones that will now be reconsidering U.S. providers," James Staten, a principal analyst with Forrester Research, told eWEEK.
Already, the surveillance revelations have impacted a number of companies providing secure messaging services. Encrypted email service Lavabit, which reportedly counted NSA whistleblower Edward Snowden as a subscriber, shut down, leaving behind only a veiled explanation that suggests the U.S. government had requested access to Snowden's email.
Secure messaging firm Silent Circle shuttered a similar service, citing the possibility that they might be subpoenaed as well. Meanwhile, companies that provide encryption services for the cloud, such as CipherCloud, have seen interest skyrocket.
While U.S. companies may not worry that the NSA has potential access to business secrets, international firms are worried far more about potential U.S. spying. The NSA's ability to reportedly tap into three-quarters of the data flowing through the U.S. Internet combined with its legal power to subpoena international communications gives weight to previous concerns that companies may be baring their trade secrets by using a U.S. cloud provider, ITIF and Forrester argued.
Already, Germany's Minister of the Interior has told companies not to use services that go through U.S. servers, if they are worried about privacy. The French government had already embarked on a program to create a domestic cloud infrastructure to compete with U.S. firms, investing EUR 150 million in two coalitions to build separate clouds.
Yet for companies not prone to protectionism, the solution should be simple: Implement encryption to protect data no matter where it resides, said Forrester's Staten.
"You can use a U.S. provider and bring your own encryption and if you do that and the government gets access to your data, they only are getting access to your encrypted data," he said.
In the end, Staten stresses that the estimates are worst-case scenarios. If more misconduct by U.S. intelligence agencies is revealed and European leaders and businesses politicize the issue, damages could extend to 25 percent. However, companies tend to make rational decisions, and, thus, far fewer will likely move their business offshore. For that reason, 3 to 5 percent is a more reasonable estimate, he said.