Solution Providers: New NSA Controls Fall Short Of Restoring Trust In Cloud Services

While Congress took steps Tuesday to curtail unbridled government surveillance by the National Security Agency (NSA), solution providers said the efforts fall short of restoring damaged client trust in cloud services.

The U.S. Senate voted 67-32 on Tuesday to pass a bill proposed by the U.S. House of Representatives, known as the U.S.A. Freedom Act, that would reinstate surveillance but provided for more controls, such as requiring a warrant for records stored at phone companies such as Verizon or Comcast. The bill is a replacement to the controversial Patriot Act, which expired Monday.

Solution providers have been feeling the effects of the revelations of NSA's surveillance program since it was revealed in documents leaked by government contractor and former CIA employee Edward Snowden in 2013. Cloud-focused solution providers in particular told CRN at the time that they were facing tough questions from customers around security for cloud-based data and were working hard to re-establish trust with their clients.

[Related: How Cloud Customers Are Securing Their Data]

That effect still holds true today, security experts agreed, saying that the NSA revelations have driven CISOs and CIOs to re-evaluate the security of their cloud services.

"Regardless of whether these third parties are governments, cyberactivists or cybercriminals, the message became clear -- when enterprises put their information into shared cloud services, such as [Software-as-a-Service] applications, they need to carefully think through the implications of giving away control of their sensitive corporate information," Gerry Grealish, chief marketing officer at McLean, Va.-based PerspecSys said.

Paul Lipman, CEO of iSheriff, a Redwood City, Calif.-based cloud security company, said in an email that he has seen a "significant overall impact" of the Patriot Act on IT spending, driving investments in intrusion-prevention and encryption technologies by customers concerned about their data privacy.

"The net result has been an adoption of better security practices, delivering better protection against the real enemy -- hackers and bad actors that seek to compromise organizations’ networks for financial gain," Lipman said.

However, Lipman said in the email, the temporary end of bulk collection of data by the government will "ultimately have little impact" on solution providers, as there are plenty of loopholes to continue collection, such as government agencies' maintaining the ability to collect data for ongoing investigations.

Grealish said the bill appeared to "bolster" trust in cloud services in the U.S., but failed to extend that trust over the border.

"It appears that the new bills do nothing to prevent U.S. authorities, via the appropriate legal mechanisms, to gain access to cloud-based data of foreign enterprises operating in U.S. cloud services, so businesses operating outside of the U.S. will have to continue to deal with conflicting regional laws and regulations if they are contemplating moving data across their borders to the U.S," Grealish said.

The U.S.A. Freedom Act is now on its way to President Obama, who said he will sign it into law.

PUBLISHED JUNE 2, 2015