Less than a year after the public learned that intelligence agencies were covertly engaging in the mass collection of data, companies are more likely than before to be interested in where and how their data is stored, even if it means delaying cloud projects.
This is one of the key findings of a new report, NSA Aftershocks: How Snowden has Changed IT Decision-Makers’ Approach to the Cloud, which is based on research by market research firm Vanson Bourne, and commissioned by NTT Communications. It involved polling 1,000 IT decision-makers from France, Germany, Hong Kong, the UK, and the US, and spanning various industries.
Starting in June 2013, former Booz Allen Hamilton employee and NSA contractor Edward Snowden leaked confidential documents gaving the public an idea of the extent to which government agencies including the US National Security Agency, the UK GCHQ have access to personal data. He also made it clear that tech companies were being required to secretly hand over data to US authorities via the Foreign Intelligence Surveillance Act and its secret courts.
The aftershocks of these revelations have caused businesses to be especially suspicious and more concerned over data sovereignty with serious business consequences for cloud service and hosting providers.
Only five percent of respondents believe location does not matter when it comes to storing company data. Sixty-two percent of those not currently using cloud feel the revelations have prevented them from moving their IT into the cloud, and they’ve cause 16 percent of all polled companies to delay or cancel contracts with cloud service providers.
Almost nine in ten (88 percent) IT decision-makers are changing their cloud buying behaviour. Among those polled, 31 percent said they are moving data to locations where the business knows it will be safe, and a vast majority in the EU (97 percent) and US (92 percent) prefer buying a cloud service which is located in their own region.
These responses point to the greater extent to which companies need to trust outside service providers. NTT suggests providing assurance of the physical location of data, and that companies have visibility into their data and can restrict, move, or definitively destroy it.
NTT also mentions that companies should carry out due diligence on cloud providers, and look for credentials and certifications. Encryption is obviously something many IT departments will be looking for.
Distrust in how private data is used by corporations and governments has hurt confidence in many companies that handle data in the US. However, respondents to the survey were divided on whether they would purchase cloud solutions from providers with foreign headquarters or data centers, with only around 20 percent entirely refusing to buy internationally.
This provides at least some hope that the borders remain relatively open to cloud service providers.