In spite of the significant service and financial advantages of the Cloud, many companies and governments are increasingly reluctant to adopt it for their critical processing. This reluctance is not caused by security considerations regarding the basic technology of the Cloud; those issues have been largely resolved. Companies following best security practices with experienced Cloud Service Providers (CSPs) can have Cloud solutions with security matching or exceeding anything they could do internally.
What is causing this crisis of confidence is the US National Security Agency (NSA). We have seen almost weekly revelations about the unconstitutional collection of personal and corporate data by the NSA, accompanied by their lack of internal security that has allowed thousands of documents to be “lost,” including those released by Ed Snowden.
It is not just NSA. The British GCHQ (Government Communications Headquarters) is also tapping Internet communication. One British MP, Chi Onwurah, in “reluctantly and unhappily moving to the Cloud.” One reason is the US Patriot Act which essentially means that any data stored in the Cloud that ends up on American servers can be compromised by the US Government at any time without notice. Some countries have privacy laws requiring information be stored within the country. Companies in those countries have a problem with public cloud providers that have servers in multiple countries. That flexibility is great for reliability and business continuance, but a nightmare to establish and verify compliance.
All of this impacts revenue opportunities for American CSPs and the growth of the Cloud in general. But there is more.
In a letter on May 15, John Chambers, the CEO of Cisco Systems, asked President Obama to restrict the surveillance activities of the NSA. Cisco Systems is one of the major suppliers of the network hardware that creates and manages the infrastructure that is the Internet, with over 50% of the worldwide market by revenue. The cause of this letter was newly released revelations allegedly showing that NSA intercepted, en-route, equipment from Cisco and other manufacturers to their customers worldwide and installed NSA surveillance software. Mr. Chambers indicated that Cisco did not cooperate with NSA in this activity nor was Cisco aware of NSA interceptions.
If the allegation of NSA interference is true, or even believed to be true, it will impact the ability of Cisco and other US manufacturers to sell their equipment in the US or anywhere in the world.
NSA has been fairly consistent: anytime they have denied doing something it turns out later that they in fact were doing it. I’m not sure how President Obama can convince companies that he has “fixed the problem.”
What should you do? The Cloud still does provide significant value, but you need to control the security of your own data yourself. Use state-of-the-art encryption for both data-in-motion (data moving through the Internet) and data-at-rest (data stored in the Cloud), and make sure you control the encryption keys for the data-at-rest. I discuss one way to get a Secure Public Cloud in an earlier post.
The last word:
Depending on which version is more accurate, Abu Bakr al-Baghdadi was in US custody at Camp Bucca, a US-controlled detention facility in Iraq, for most of 2004 or from 2005-2009. In any case, he was given an “unconditional release” into Iraq under President George W. Bush. You may have recently heard of him: he is now the leader of ISIS, the Islamic State in Iraq and Syria, which is running rampant over northern Syria and threatening the existence of Iraq. In hindsight, it was probably a mistake to release him.
More recently, President Obama decided to release five senior Taliban commanders from Guantanamo prison to a life of luxury in Qatar, with full freedom of movement within the country, and able to go anywhere after one year. The manner of the release was in stark violation to a law President Obama signed requiring that he notify Congress at least 30 days prior to any such release; he notified a few members of Congress five hours before the transfer. Noorullah Noori, one of the five, has already vowed to continue fighting Americans.
In return, he obtained the release of Army Sergeant Bowe Bergdahl. As President Obama said, we do have an obligation to not leave our military personnel behind. The controversy, mostly in the press, that Sgt. Bergdahl may have deserted his post back in 2009 is irrelevant to the requirement to bring him home. If there is significant evidence, Sgt. Bergdahl will be court marshaled and, if found guilty, punished. That trial and punishment, if appropriate, must happen under US control, not Taliban control.
In a few years, will we wonder about the wisdom of President Obama’s method of getting Sgt. Bergdahl free?
Keep your sense of humor.