Cloud security firms are growing increasingly concerned about the NSA's domestic surveillance and encryption cracking practices, which they say could have a negative impact on business.
Recent reports claim the U.S. National Security Agency has cracked the majority of encryption technologies used to protect online data as part of its widespread Internet surveillance program.
Cloud security firms say the NSA's practices are bad for business because they undermine customer confidence in moving data to the cloud -- but they also say the news has had a positive effect because it's put a spotlight on the need for better security measures.
"I think customers feel like they're losing control of who's looking at their data -- regardless of whether or not they want to share that data with the government," said Pravin Kothari, founder and CEO of CipherCloud, a data protection firm based in San Jose, Calif. "But it's definitely having a beneficial effect. We're seeing dramatic growth over the last few months since the news."
Still, the potential losses for the cloud industry could be staggering, Kothari said. Last month, the Information Technology & Innovation Foundation released a report that predicted the NSA's PRISM program could end up costing the cloud industry between $22 billion and $35 billion over the next three years.
Kothari said he thinks the losses could be much steeper. "We think there's much more at stake over the loss of trust," he said.
The concerns go beyond the NSA's ability to simply break encryption codes. According to reports from The Guardian and The New York Times, the intelligence agency is working to "covertly influence" product designs of private security technology vendors, which includes inserting secret vulnerabilities and back-door access points into commercial security software.
Steve Pate, co-founder and CTO of HighCloud Security in Mountain View, Calif., said he's concerned about the NSA's anti-encryption practices -- particularly the news that the government is poking holes in commercial security products.
"I think it's fairly troubling," Pate said. "I'd be surprised if the government was able to go through these product development cycles without the news leaking out from these vendors, but that's not to say it's not happening. In fact, it may be happening without their knowledge."
Pate believes the NSA's practices could negatively impact the cloud business in the short term. "The biggest thing we've seen," he said, "is a growing reluctance of foreign companies to work with U.S. cloud providers."
David Canellos, CEO of PerspecSys, a cloud security company based in McLean, Va., said he's seen a similar trend of companies, especially those based outside the U.S., becoming apprehensive about cloud migration. "Some organizations are becoming concerned, particularly businesses overseas that are apprehensive about working with U.S. cloud providers," he said. "And some companies are even looking at ripping out their cloud services and going back to on-premise systems. They're at least asking those questions."
In addition, Canellos said customers shouldn't assume that the NSA is the only entity that can crack online encryption technologies. "If the NSA can circumvent security measures that you'd otherwise trust, then that's a real issue," he said. "And if the NSA can do it, then I believe others can do it as well."
It isn't just cloud security firms that are sounding the alarm over PRISM and other NSA activities; Facebook CEO Mark Zuckerberg this week said the NSA snooping was bad for business because it lowered customer trust for online tech companies.