The spectacle of National Security Agency contractor Edward Snowden exposing the covert spying nature of US federal officials has sent ripple waves through the technology industry -- especially in the outsourcing arena.
The Guardian picture of NSA Whistelblower Edward Snowden
Experts predict the NSA fiasco could result in the loss of business for some hosting vendors, but it’s hard to say exactly what the impact has been or will be.
The head of a European cloud computing provider said recently though that he’s seen a “measurable impact” from companies looking to use its services to escape what they fear could be the prying eyes of the US NSA.
“It has not been a profound surge, but there is definitely a measureable impact,” says Robert Jenkins, co-founder and CTO of Cloud Sigma, which is headquartered in Switzerland and has data centers across Europe and the United States. “We’ve definitely seen cases where people are turning to us because of this.”
IN THE NEWS: NSA wants even closer partnership with tech industry]
Forrester analyst and cloud tracker James Staten predicted this could happen in a blog post in the summer. Information Technology & Innovation Foundation (ITIF) estimated in a report that the US cloud computing market could stand to lose up to $35 billion by 2016 because of vendors bypassing US providers and looking to overseas competitors. Staten says that’s the low end of an estimate though.
It’s “naïve” to believe that other countries don’t have similar surveillance programs ongoing, which could depress not just the US cloud market, but the international outsourcing market as well. If those concerns do turn into real impacts, he estimates the worldwide outsourcing market could stand to lose up to $180 billion. That’s the high-end of his prediction and he doesn’t necessarily believe it will happen, but it could, he says.
Some users are already getting out of US providers though. Take Alexander Ljungberg, co-founder, WireLoad, which is an online service that specializes in e-mail migrations – the company can take massive stocks of email systems and translate them from one platform to another. Ljungberg and his partner did not want to use a U.S. cloud provider for the massive computing power that are needed for these jobs because of concerns over peering officials potentially being able to intercept his customer’s e-mail communications. WireLoad uses CloudSigma’s Swiss data center for all its migrations.
“Privacy laws in Switzerland are internationally known to be very good, so we’re just more comfortable knowing that it’s less likely there will be some kind of prying by the government,” he says, adding that it’s a selling point for customers. WiredLoad was using CloudSigma’s services even before the NSA stories broke this summer, but he says privacy and security concerns were a major factor in deciding to use a European provider. If the company had been in a U.S. provider this summer, Ljungberg says he would have switched over.
Staten, the analyst who advises cloud users, says it’s a judgment call as to whether users should be concerned about this issue. If they are, then switching to an international outsourcing provider is one solution, but one that should be considered carefully.
There may be some value in using an international provider for outsourcing needs, but sometimes international providers open their books at the demands of other governments, he says. “You can't conclude (that international) hosting providers would be immune to the same pressures,” that U.S. providers are subject to, he says. Plus, there could be significant costs for migrating workloads to an international outsourcer, including latency concerns that could arise.
The better approach if there is a worry, he says, is to work with the security team on ways to secure the data adequately. “Only if they conclude they cannot sufficiently protect this data should they then look to move that data elsewhere,” he says.
Jenkins, with Cloud Sigma says he’s seen “a handful” of customers drop a US provider in favor of their offering since the NSA allegations were revealed. It’s a strategic decision to look into an international provider instead of one hosted in the U.S., he says.
The tone by Jenkins is somewhat of an opportunistic one – the company and other European providers are happy to provide what customers consider to be a safer haven compared to U.S. providers.
But U.S. technology executives say they’re pushing back on the government too.
In a recent interview Yahoo CEO Marissa Mayer said the company begrudgingly complies with U.S. orders to hand over information, but the company pushes back to ensure there is the proper court oversight on requests for data. Not complying with such court-ordered requests could result in incarceration, she said.
Noted security expert Bruce Schneier said soon after the NSA leaks came out that he believes the issue could be a thorn in the side of outsourcing providers. “Cloud computing is precedent on the notion of ‘trust us with your data,’” he says. “If you don’t trust the vendor, you can’t do it.” These NSA allegations are making it more difficult to “trust your vendor,” he says. (Read what Schneier has to say about encryption related to NSA spying.)
The bigger impact, he believes, will likely be on non-US entities not wanting to put information in U.S. cloud providers. If you’re a company really concerned about any government peering into your computer systems, perhaps not using an outsourcing provider at all is the best way to go though, he notes.