Other companies, like small online retailers, that choose to use cloud servers to run applications and store customer data don't care too much about encryption or if they do encrypt the data, they don't care if the service provider has access to their encryption keys because they usually don't perform an advanced enough risk analysis, he said.
"All our customers have highlighted their concern with security issues, especially when it comes to services hosted in a third party location," said Dragos Manac, CEO of Appnor MSP, a provider of managed dedicated servers and cloud computing with infrastructure in both Europe and the U.S., via email. "The current Prism scandal is a major blow for governments, but it also hurts service providers."
As far as government surveillance is concerned, service providers are caught between a rock and a hard place, he said. "Not helping the authorities means you are violating the law. Helping them means you may be violating someone's rights."
There is no reason to believe that the NSA, or anyone else, can crack strong encryption algorithms that have been studied and vetted by scientists, Wilcox-O'Hearn said. "On the other hand, it is easy for a programmer or service provider to implement them incorrectly or for a user to use them incorrectly, in which case it would be possible for anyone who had access to the network traffic to read the data," he said.