Page 1 of 2
Not too long ago, a heavyweight vendor burst on to the scene in North America hoping to win the hearts and minds of solution providers with compelling technology, aggressive pricing and a new channel program. But, fears over alleged security issues with its products -- specifically backdoor vulnerabilities that could give a certain government access to corporate data centers -- presented a sizable roadblock for the company, as the trust the vendor sought to earn with partners and customers appeared to have evaporated.
The government was China. The company in question was Huawei.
Fast forward to today, a similar situation has emerged but on a much wider scale and with arguably greater implications for the IT industry. And yet there appears to be little concern or protest from solution providers.
The government is the U.S. The companies in question are, well, basically everyone.
According the The Guardian's most recent report on the U.S. National Security Agency's domestic surveillance, documents obtained by former NSA contractor Edward Snowden show the NSA has cracked the vast majority of Internet encryption technologies.
But, the most damning part of the reports is the revelation that the NSA has "inserted secret vulnerabilities -- known as backdoors or trapdoors -- into commercial encryption software," according to the The Guardian's report. Specifically, the report claims the NSA spends $250 million a year on a program that collaborates with technology vendors to "covertly influence" their commercial product designs.
Then there's the New York Times' report, which published the NSA documents last week in partnership with The Guardian and ProPublica:
"In some cases, companies say they were coerced by the government into handing over their master encryption keys or building in a back door. And the agency used its influence as the world’s most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world."
Let that sink in for a moment. The U.S. federal government is actively subverting the technology that you, the channel, use to protect your clients -- and your own businesses. You'd think a group called the National 'Security' Agency would be in the business of plugging software vulnerabilities rather than making more of them.
What's troubling is that none of the documents Snowden leaked to the press say which companies worked -- either willingly or unwillingly -- with the NSA. So, solution providers simply have to take a leap of faith and trust whatever their security vendor partners tell them.