Forrester: Cloud hit from NSA could be more like $180 billion (but probably not even close)
Forrester’s James Staten argues in a blog post that the U.S. cloud computing industry stands to lose more like $180 billion, using the reasoning put forth by a well-circulated report from The Information Technology and Innovation Foundation that pegged potential losses closer to $35 billion. But he’s just making a point and seems to suggest that in reality the industry probably won't take much of a hit at all.
It comes down to the kind of trade off many of us grudgingly make with mobile and online tools. We know that Facebook, Apple and Google share information about our movements and likes but we’re too engaged with the services to give them up. We take precautions that make us comfortable and keep using them.
Source: Fibonacci Blue, via Flickr
It’s a bit the same with cloud services used by businesses.
Let’s start with the original ITIF study. It figured that U.S. cloud providers would lose 20 percent of potential revenues from foreign businesses that won’t use them given the NSA spying revelations. Over the next three years, the report figured U.S. cloud providers stand to lose $35 billion.
Staten argues, however, that using the same reasoning, some portion of U.S. businesses would also take their business off shore. Plus, cloud providers in other countries stand to similarly lose customers because it’s increasingly clear that foreign governments also snoop on cloud data.
All told, Staten figures losses could be closer to $180 billion.
But he doesn’t really expect that to play out. “The fact of the matter is that the IT services market is a part of our portfolios because it provides capabilities we value either against IT or business metrics. And it's highly likely these values are worth more to you than the potential risk you think your company faces due to government surveillance,” he wrote.
Just like most of us haven’t given up Gmail or our iPhones, businesses that are using the cloud likely won’t turn back. What are their alternatives? Staffing up and building potentially huge data centers? For some businesses, that isn’t an option.
Staten offers up a practical solution. “A quick tip: bring your own encryption. If you hold the keys the governments can't get to your data by going through your service provider,” he wrote.
This is an increasingly possible option. Staten pointed to a couple of services that can help.
I recently talked to Kris Herrin, chief technology officer for Heartland Payment Systems (yes, that Heartland, the one that suffered through a massive data breach in 2009) about this subject. Heartland is understandably very conscious of avoiding a similar disaster. Yet it uses public clouds like Amazon Web Services for a range of applications.
“The enabler to do that is being able to control the keys for encryption and making the encryption such that when the data is blowing through the public clouds it’s all encrypted,” he said. “That’s been a key tenant of our company post breach – assume it’s compromised. Assume the public cloud is compromised. Assume the NSA is sniffing that data.”
Heartland doesn’t use public cloud services for card processing but using these assumptions and processes it is putting more and more work into the public cloud, he said.
That’s really the most practical solution for businesses worried about government spying. Staten also suggests that governments around the world should take up this issue, possibly starting with discussions at the next G20 Summit. He’s not holding his breath for that though. “But it is unlikely any government will step up to this issue as governments place a much high priority on defense than they do economic development,” he wrote.
Read more of Nancy Gohring's "To the Cloud" blog and follow the latest IT news at ITworld. Follow Nancy on Twitter at @ngohring and on Google+. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.