Snowden leaks made us look twice at cloud suppliers – biz bods

Businesses are conducting more due diligence on cloud suppliers and demanding more localised storage of their data in the wake of reports about US surveillance activities, according to a new survey. One in six businesses are also either delaying or cancelling cloud computing contracts in light of revelations about the alleged …

COMMENTS

This topic is closed for new posts.
  1. Will Godfrey Silver badge

    Good

    About time people woke up to the risks.

    1. MrXavia

      Re: Good

      Yes, but the figures for wanting to keep data in the same country are quite low I think... I think that is No2 on my cloud priority list, with No1 being any data stored must be encrypted at source, not on the cloud (unless of course you're talking cloud compute, then you have to use encryption in the cloud itself, but still you control the instance yourself and you can encrypt data still)

    2. Anonymous Coward

      Re: Good

      Did you not read the article?

      > "Nearly three-quarters (72 per cent) of ICT decision-makers polled said they would revisit every cloud and hosting arrangement to ensure data protection, if they had the necessary time and resources,"

      You really think management will take the time to revisit if there will be a cost? Good luck with that!

      Plus this is just a survey where people click a radio button and forget what the question is before they click "next". Once people start taking action irrespective of cost, then you can celebrate.

  2. Anonymous Coward

    The Cloud

    is a bu(r)sted Fart.

  3. John Smith 19 Gold badge
    Unhappy

    Damn right

    Seriously where these servers are based (and more importantly under what law they operate by) should have been at the top of any cloud migration plan from day 1.

    It does look like it's finally sinking in that people do care about their privacy and their business's security.

    1. Anonymous Coward

      Re: Damn right

      > It does look like it's finally sinking in that people do care about their privacy and their business's security.

      That means nothing if there is a cost associated with it. Do you care about the environment? I assume yes but I also assume you use fossil fuel to travel around (this includes holidays) because it is easier than walking or riding a bicycle long distances and in bad weather.

  4. JimmyPage Silver badge
    Megaphone

    It's not just server location

    it's what jurisdiction is the company bound to. Remember, the PATRIOT act enables Uncle Sam to point to *any* company with a US presence, and demand the keys to the kingdom, irrespective of *where* they have located their servers.

    It is (still) a worry that a lot of IT "professionals" appear to think that a Google server in Europe is immune to a US snoop or takedown. It isn't.

    What is more worrying is that a lot of firms don't have a rolling overview of their suppliers, meaning that you could contract with a nice EU-centred supplier, who then gets bought by a US company (or a company with a US arm), and immediately falls under the spell of the PATRIOT act.

    1. Anonymous Coward

      Re: It's not just server location

      Exactly. Either the firms don't understand that the NSA owns the data of any and all US HQ'd cloud firms regardless of where the server is - and as johnny foreigner you have zero right to privacy. It's not like the NSA gives a fuck about German or some other country's privacy laws, just ask Angela.

      or

      All their 'cloud data' is for a publicly accessible website so doesn't matter anyway.

  5. This Side Up
    Unhappy

    Keeping data in their own country

    "By contrast, only 16 per cent of US respondents, and 17 per cent in Hong Kong took the same view."

    I would have thought USA would be the last place US respondents now wanted to store their data!

    1. Anonymous Coward

      Re: Keeping data in their own country

      The Hong Kong data is in Chinese, they'll never figure that out.

  6. All names Taken
    Paris Hilton

    Truth is ...

    I'd guess most organisations don't really have a clue about how things like email are handled within their organisation. Certainly quite a few CEOs or equivalent rank were surprised to find out that even the scale 5 jobber allocated to email server could access the boss's emails whenever and whatever.

    So good things for the cloud:

    1 - hammering out SLAs could make senior staff aware of the SLAs needed internally within the organisation

    2 - competing on data integrity and storage resilience is good (it is either inhouse or sh*thouse at the moment turning that into inhouse, shi*house or outsource is not a bad idea (see awareness comment in [1] above))

    3 - competing with mechanical failures, new technologies, better and swifter ways to do things actually opens up the market to competition? Inhouse, Provider A, Provider B, ... , Provider Z who is the best and why?

    4 - potential to further outsource. For example accounts, accounting practices, data analysis as a professional service (what does your data say and what does it indicate about how to optimise from the variables stored as part of a look-it-up database?)

    The NSA spoof by El Reg is actually not a bad idea at all (has someone sent in a business plan to NSA or Obama? The nation is skint and could do with a bit more readies - EU isn't good enough - they only want stuff that armed forces can get involved in (puerile/sterile politicos?))

  7. This post has been deleted by its author

    1. Sir Runcible Spoon

      Re: I was thinking a lot more

      It's probably a drop in the ocean compared to the commercial value of all the information they've slurped over the years.

  8. Just Trolling thru
    Thumb Up

    Snowden should be C-levels' hero

    Snowden is still my hero and should be all C-levels' too as he opened eyes to the risks and would have saved a lot of skin down the line...

  9. NoneSuch Silver badge

    "84 per cent of ICT decision-makers globally believed they need training on data protection laws and security rules in the territories their businesses operate," it said.

    US law supersedes all of your local protection and privacy laws so maybe you need to step up your game and work on a solution that makes your data secure first, rather than conducting an exercise in futility.

  10. JaitcH
    Thumb Up

    Edward Snowden ...

    a force for good (except if you are a US cloud vendor).

    Where's his Nobel Prize?

  11. Don Jefe

    Looking Inward

    In almost every aspect of life and business I'm a huge proponent of looking inward to find solutions to problems. Most organizations, even tiny operations, already have the things they need to fix or work around any problem (98.765% of the time, money isn't what's needed). The solution may not be as glorious as your IT, marketing or operations guys would prefer, but hey, that's life. It's ugly and it works.

    But there is no internal solution to problems like this. Any solution, be it the 'right' solution or the 'wrong' solution, extremely complex or zen like in simplicity, is nothing more than a decision, or series of decisions, made within the confines of a situation where some, or all, of the external elements are static, and outside your realm of influence and other, mostly internal, elements are dynamic and allow you to exercise varying degrees of control over them. That's straightforward formal problem solving yeah?

    Well, that all goes straight to shit if the external elements of the problem can be redefined, repurposed and robbed of all their meaning without consultation, transparency or even acknowledgement of what has occurred. That isn't a complex or NP-hard type situation, that's just fucking chaos. While individuals can survive, some can even thrive, in chaos, no ordered system can do that.

    Ordered systems (such as a government) are developed solely to control, or at least mitigate, damage from chaos with the ultimate aim being to extract 'value' of some kind for the benefit of the governed (feel free to exchange 'of the governed' to reflect your ideas of government :). Deliberately introducing chaos into an ordered system is simply blatant misuse of the system. Doing that is absolutely NO DIFFERENT than ignoring the warnings on household chemicals: Intentional misuse is guaranteed to fuck you up and quite possibly kill you.

    So, while it's quite commendable that IT decision makers acknowledge they don't know dick about international, or even domestic data privacy law, it's just a big fat, quite nearly malicious, turd of supposition that training is going to increase their knowledge and understanding of the issues involved. If you send your staff off to some conference and they come back claiming to have gained beneficial information just execute them on the spot. It might be hard, but you won't be killing a staff member, you'll be killing an evil clone, an alien inhabited facsimile of your staff, or a robot. Don't hesitate, just kill them and lop off the head and display it on a pike at the gates to your office compound.

    I'm 100% comfortable recommending that course of action, because the actual legal experts who deal with nothing but international communications law don't understand it. There's no way your staff will understand it. That's not a swipe at anyone's staff, but at this very moment discussion and debate are taking place in Europe and the US that will have major impacts on all of us. The sad part about that is that those legal questions relate to events in 2001 and 2002. The people who are employed to answer those questions have a backlog of 14 years. If it's going to take that long before a legally recognized and binding definition can be applied to words like 'storage', 'interception', 'thru-traffic', the difference between the Internet and the Web (really), 'sharing' and 'anonymous', then there's no point in schooling people on things that haven't even been decided yet.

    Every single bit of this is just really fucking stupid. It's easy to see where this is all going, because it has been done a million times. Some manner of 'specialist' will emerge from the slime and we'll have legions of absolute idiots running around making foolish decisions about things they have no way of actually knowing about. What's worse, is that they'll feel entitled to make those foolish decisions and demanding higher pay because they've got some sort of 'certificate'. Since all these issues are so large in scope it is difficult to draw a great analogy, but I'll do my best. This new sort of 'specialist' will closely resemble what I imagine would be an amalgamation of the worst traits of an MS, Novell, Oracle certified Intuit certified accountant. I've had some great staff with those certifications, but they were exceptions. The kind of people who milk every single bit of knowledge out of any sort of educational course. The vast majority of 'vendor certified' people are just fucking useless and can't see the difference between a certificate and knowledge. That's exactly what we'll get with this as well, a bunch of fucking useless people charging big bucks to be wrong.

    Instead of wasting time, and money, on learning things that aren't yet learned and creating confusion between groups as definitions are established, then revised in secret meetings I say fuck it. Let's all go to the bar. We'll send the bill to the US and UK governments as the 'Cost of Freedom'.

    1. Sir Runcible Spoon
      Thumb Up

      Re: Looking Inward

      Nice rant.
