The Snowden Leaks One Year Later: Key Lessons Cloud Providers Learned

by Chris Preimesberger

One of the most important lessons to come out of the Snowden leaks is that businesses need to ask the right questions about their cloud computing environment, especially since hackers know no boundaries and need no court orders. In this post-NSA world, every CEO should be armed with the right questions to feel confident he or she is getting the most secure, compliant and high-performance cloud computing environment.

When selecting a service provider, IT managers, executives and anyone else involved in the decision-making process must verify whether the provider follows information security best practices, including using multifactor authentication, offering strong data encryption and hardened operating systems, and sharing the results of routine audits.

For every industry, there is a never-ending alphabet soup of key compliance regulations that must be followed: GLBA, SOX, HIPAA, PCI—the list goes on. To ensure that vulnerabilities are mitigated, know the relevant requirements for your industry. If personally identifiable information (PII) is securely stored, for instance, then your provider needs to be HIPAA-compliant and FedRAMP certifications should be a requirement.

What does your service-level agreement (SLA) guarantee in the event you are hacked or confidential data is leaked? Are there host resources, networking, data backup and other redundancies as well as tested disaster recovery plans to mitigate the risks of data loss? These are key questions that must be addressed when selecting a provider.

As enterprises scale their cloud infrastructure, cloud pricing wars are heating up and prices are falling. Keep in mind that there are specialist cloud several providers who provide for use cases that are not well-suited to the public cloud, including security, compliance, performance, managed services, and enterprise and legacy applications, which are often key considerations when selecting a cloud. In addition, consider that a consumption-based cloud services model reduces overall costs, turns capital expenditures into operational expenditures, and increases efficiency to free up resources across people, capacity and budgets.

U.S. businesses ostensibly stood to lose up to $35 billion over three years as a result of the NSA revelations, according to a dire prediction by the ITIF (Information Technology and Innovation Foundation). Forrester put the losses as high as $180 billion. Contrary to the initial predictions following the Snowden leaks, customers did not bypass U.S. cloud providers for international and overseas business alternatives.

As companies assess the most critical requirements for selecting a cloud provider—should you stay local or go global?—they must remember that where the cloud provider is located is less important than what service levels the provider can offer and how the provider is implementing safeguards and addressing risks. While multinational companies are very concerned with addressing data location laws, cloud providers must be able to support geofencing and geolocation of data to mitigate these concerns.

Security, performance and other criteria are more important for businesses to consider than where the service provider is located. Selecting the right cloud for your applications and business needs will probably lead to a couple of providers for different purposes (public/private, test/dev/mission-critical, production/backup). Be sure to assess carefully what your provider offers in terms of SLA and performance and mix suppliers.

While the prospect of NSA’s PRISM didn’t sink the cloud industry, it did bring to the forefront issues related to security and compliance that enterprises and vendors needed to address—whether the data is in the cloud or on premises. Bringing these subjects to light has enhanced processes, mitigated risks and addressed questions every CEO should ask, ultimately leading to more secure, compliant companies in the cloud. Despite the coverage in the press, the levels of security and compliance provided by the cloud often exceed those of even the largest corporation.

Enterprise spending on cloud computing is projected to surpass $174 billion in 2014, up 20 percent from last year, and reach $235 billion by 2017, according to IHS Technology. The NSA scandal wasn’t a bump in the road; on the contrary, it served to strengthen the cloud computing industry by forcing providers to step up their game and reminding businesses to carefully scrutinize their providers.