ITIF: NSA Encryption Cracking Could Worsen Potential Losses For U.S. Cloud Industry1:12 PM EST Fri. Sep. 27, 2013
Potential NSA-related losses for the U.S. cloud industry could steepen following the recent disclosures about the government's encryption cracking practices, according to the Information Technology and Innovation Foundation (ITIF).
Last month, the ITIF released a report that claimed the U.S. National Security Agency's domestic surveillance program, dubbed PRISM, could cost the U.S. cloud computing industry anywhere between $22 billion and $35 billion over the next three years. But recent revelations about NSA's antiencryption program could have an even more detrimental impact to the industry if foreign customers choose to not store their data with U.S. companies.
While cloud is a driving force in IT, NSA's spying brings fear, uncertainty and doubt for foreign corporations relying on U.S. cloud computing, according to Daniel Castro, senior analyst of the Washington, D.C-based ITIF. The news that NSA is cracking common online encryption technologies, and even placing secret back-door access points in commercial security products, could further undermine the confidence of foreign businesses, he said.
"What we don’t want to have is foreign companies and governments to think that anything protected by a U.S. company comes with a back door for the U.S. to access their networks and data," Castro said. "If that is the perception, that has the potential to have a large impact on U.S. companies."
Over the next three years, Castro estimates there will be an eventual 10 percent loss in market share for the U.S. cloud industry, which could escalate to 20 percent.
"Part of this questions how decisions will be made in the future about where consumers and businesses choose to do business," said Castro. "Foreign providers will be increasingly available because this provides the ability to gain market share. That is the shift we will start to see over the next three years unless there is some kind of meaningful response from the U.S. government."
There are especially concerns around NSA's ability to break encryption with secret programs like PRISM, which gives NSA direct access to internal systems of vast Internet companies like Microsoft, Google and Facebook, said Castro.
"This is the bigger loss within the general ecosystem," said Castro. "One of the benefits that we have today is that anywhere in the world, they are using the same encryption logarithms. If we lose that interoperability and trust, we stand to lose because there is no ability to equally interconnect and exchange data with other companies."
NEXT: What The Channel Thinks
Brian Okun, regional sales director at Prevalent Networks in Warren, N.J., said he doesn’t think the NSA surveillance revelations will impede the move to cloud computing. "I think there will always be people who don't feel safe putting data in the cloud," he said, "just as there are individuals who want to move to the cloud."
While recent news reports revealed the NSA has cracked the vast majority of online encryption technology, Okun said he doesn't believe customers will be less inclined to put their data and IT operations online.
"This only reaffirms the things that we tell our clients," Okun said. "First, you're never going to be a 100 percent secure online. Second, you need a layered, multipronged approach to security. And third, you need to be an early adopter of new security technology instead of a laggard."
Richard Trahant, president of Land Computer in Peabody, Mass., said while most customers are making the transition to the cloud, they don't seem to be as concerned as they should be. It's unsettling that the government could have access to gaining anybody's data with a click of a mouse, said Trahant.
"People aren't paying attention. It's almost strange that people haven't said, or asked in regards to the government prying in and getting their data," said Trahant. "Our clients entrust us with the security of their data, and to have the U.S., and possibly other countries, going into the data, who knows what they would do with the data."
In taking steps of reformation, and avoiding this potential unfavorable loss of revenue, the U.S. government should declassify more information about NSA's spying programs, Castro suggested.
"The U.S. government has an unfair advantage in this debate because so much of the information is classified," said Castro. "Even if things are leaked, it's hard to respond because the government will say it's inaccurate. There needs to be a definitive response from the government to respond to these concerns, and we haven't seen that yet."
As the issue is currenlty being debated in Congress, VARs and cloud providers are waiting patiently to see the end results.
PUBLISHED SEPT. 27, 2013