Security Advisor
Overseas IT Pros Cold on Using U.S. Cloud Services After PRISM Reveal
A cloud advocate survey found that 56 percent of respondents would not use U.S.-based cloud services.
In a survey conducted by the Cloud Security Alliance (CSA), a not-for-profit organization that focuses on advocating cloud security and best practices, a majority of respondents would not use U.S.-based cloud services in light of the NSA surveillance reveal.
The agency conducted their poll after the recent reveal by whistleblower Edward Snowden publically disclosed information that the NSA was using secret court orders to obtain private information on foreign individuals through services provided by U.S.-based corporations including Microsoft, Facebook, Apple and Google in an operation called PRISM.
According to the survey, due to this recent disclosure, 56 percent of respondents were less likely to use U.S.-based cloud providers, while 10 percent said they have or plan to cancel all current U.S.-based cloud services.
The survey also found that 47 percent of worldwide respondents selected that when it comes to their government obtaining personal information through cloud services, " there is no transparency in the process and I have no idea how often the government accesses my information."
When it comes to what can be done to migrate concerns of U.S. surveillance, 41 percent said that "The Patriot Act should be repealed in its entirety," while 45 percent believe the Patriot Act should be modified to provide transparency on how often and what manner it is being used. Thirteen percent said the Patriot Act is fine how it is.
As for those corporations that have already subpoenaed through the Patriot Act, an overwhelming 91 percent of respondents said that these companies should be allowed to provide summary information on how and what information was accessed.
Speaking on the results of the survey, Jim Reavis, co-founder and executive director of the CSA said this call for transparency by respondents falls directly in line with the cloud advocacy group's mission statement.
"Transparency has always been a significant part of the CSA's vision, and today this objective is more critical than ever," said Reavis. "Our goal with our research efforts, and with the CSA STAR program, is to continue to encourage transparency of security practices within cloud providers. By educating both consumers and providers of cloud services, we strive to provide the tools needed to make informed decisions that take advantage of all the benefits cloud computing has to offer."
Mimicking the CSA's findings, Calif.-based Voltage Security conducted their own survey and found that 62 percent said they believe that government agencies are secretly accessing corporate data in the cloud.
"Any sensitive information, including financials, customer and employee data or intellectual property needs to be protected across the entire lifecycle of that data. Any loss or exposure of that data can result in compliance or regulatory fines, loss of brand and reputation and, as the recent NSA events further validate, a loss of privacy around how we communicate and the content of those communications," said Voltage Senior Director Dave Anderson.
Noteworthy is the timing of the Voltage Security survey, which polled 300 senior-level IT and security respondents in April -- months before the PRISM details surfaced in the public.