The Snowden Leaks One Year Later: Key Lessons Cloud Providers Learned

By Chris Preimesberger  |  Posted 2014-06-06

The period of eight days from June 5 to June 12, 2013, was monumental in the history of data security. The timeline:

  • June 5, 2013: The Guardian reports that the U.S. government has obtained a secret court order that requires Verizon to turn over the telephone records of millions of Americans to the National Security Agency.
  • June 6: The Guardian and the Washington Post disclose the existence of PRISM, a program that allows the NSA to extract the details of customer activities—including "audio and video chats, photographs, e-mails, documents" and other materials—from computers at Microsoft, Google, Apple and other Internet companies.
  • June 9: The Guardian and Post disclose former Booz Allen IT specialist Edward Snowden as their source for the intelligence-related leaks.
  • June 12: The South China Morning Post publishes an interview with Snowden in which he says that U.S. intelligence agents have been hacking networks around the world for years.

The U.S. IT industry then went on the defensive amid concerns that customers would shift their hosted data and services to providers in other parts of the world. U.S. businesses ostensibly stood to lose up to $180 billion, according to Forrester.

For a look into what cloud service providers learned from the NSA scandal over the past year, eWEEK consulted with Simon Aspinall, CMO at enterprise cloud software and services provider Virtustream. Aspinall believes that the scandal brought the issue of security and compliance to the forefront of cloud computing and overall resulted in positive changes for the industry.

  • Hackers Know No Boundaries

    One of the most important lessons to come out of the Snowden leaks is that businesses need to ask the right questions about their cloud computing environment, especially since hackers know no boundaries and need no court orders. In this post-NSA world, every CEO should be armed with the right questions to feel confident he or she is getting the most secure, compliant and high-performance cloud computing environment.
  • Understand Security Best Practices

    When selecting a service provider, IT managers, executives and anyone else involved in the decision-making process must verify whether the provider follows information security best practices, including using multifactor authentication, offering strong data encryption and hardened operating systems, and sharing the results of routine audits.
  • Know Compliance Laws and Regulatory Requirements

    For every industry, there is a never-ending alphabet soup of key compliance regulations that must be followed: GLBA, SOX, HIPAA, PCI—the list goes on. To ensure that vulnerabilities are mitigated, know the relevant requirements for your industry. If personally identifiable information (PII) is securely stored, for instance, then your provider needs to be HIPAA-compliant and FedRAMP certifications should be a requirement.
  • In the Event of Data Loss, Have a Backup Plan in Place

    What does your service-level agreement (SLA) guarantee in the event you are hacked or confidential data is leaked? Are there host resources, networking, data backup and other redundancies as well as tested disaster recovery plans to mitigate the risks of data loss? These are key questions that must be addressed when selecting a provider.   
  • You (Should) Get What You Pay For

    As enterprises scale their cloud infrastructure, cloud pricing wars are heating up and prices are falling. Keep in mind that there are several specialist cloud providers who provide for use cases that are not well-suited to the public cloud, including security, compliance, performance, managed services, and enterprise and legacy applications, which are often key considerations when selecting a cloud. In addition, consider that a consumption-based cloud services model reduces overall costs, turns capital expenditures into operational expenditures, and increases efficiency to free up resources across people, capacity and budgets.
  • U.S. Providers Still Lead the Way

    U.S. businesses ostensibly stood to lose up to $35 billion over three years as a result of the NSA revelations, according to a dire prediction by the ITIF (Information Technology and Innovation Foundation). Forrester put the losses as high as $180 billion. Contrary to the initial predictions following the Snowden leaks, customers did not bypass U.S. cloud providers for international and overseas business alternatives.
  • Multinational Companies Must Address Data Location Laws

    As companies assess the most critical requirements for selecting a cloud provider—should you stay local or go global?—they must remember that where the cloud provider is located is less important than what service levels the provider can offer and how the provider is implementing safeguards and addressing risks. While multinational companies are very concerned with addressing data location laws, cloud providers must be able to support geofencing and geolocation of data to mitigate these concerns.
  • It's Really About Security, Performance and Compliance

    Security, performance and other criteria are more important for businesses to consider than where the service provider is located. Selecting the right cloud for your applications and business needs will probably lead to a couple of providers for different purposes (public/private, test/dev/mission-critical, production/backup). Be sure to assess carefully what your provider offers in terms of SLA and performance, and mix suppliers.
  • Enterprises and Clouds Are More Secure Today

    While the prospect of NSA's PRISM didn't sink the cloud industry, it did bring to the forefront issues related to security and compliance that enterprises and vendors needed to address—whether the data is in the cloud or on premises. Bringing these subjects to light has enhanced processes, mitigated risks and addressed questions every CEO should ask, ultimately leading to more secure, compliant companies in the cloud. Despite the coverage in the press, the levels of security and compliance provided by the cloud often exceed those of even the largest corporation.
  • Transparency Has Led to a Stronger Industry

    Enterprise spending on cloud computing is projected to surpass $174 billion in 2014, up 20 percent from last year, and reach $235 billion by 2017, according to IHS Technology. The NSA scandal wasn't a bump in the road; on the contrary, it served to strengthen the cloud computing industry by forcing providers to step up their game and reminding businesses to carefully scrutinize their providers.
