The New Zealand chapter of the Cloud Security Alliance is calling for transparency of security practices within cloud providers.
The alliance, a worldwide group, recently published a survey showing that 10 per cent of officials at non-US companies had cancelled contracts with US cloud providers, and 56 per cent of non-US respondents were hesitant to work with US operators following the NSA/Prism leaks.
Rizwan Ahmad, the founder and organiser of the New Zealand chapter, took part this month in an intra-chapter discussion about the leaks.
“Our findings showed that scepticism with cloud providers is rising and that providers need to provide at least aggregate information on what they are doing,” he says. “The results point to a great deal of concern as to the impact on commercial cloud computing activities as a consequence of this news.
“Transparency has always been a significant part of the CSA’s vision, and today this objective is more critical than ever. CSA members, by their very nature, have a heightened sense of concern about issues of trustworthiness in cloud computing and by educating both consumers and providers of cloud services, we strive to provide the tools needed to make informed decisions that take advantage of all the benefits cloud computing has to offer.
“From an industry standpoint, the CSA calls upon the key stakeholders of this issue to have a public dialogue to discuss issues of citizen privacy and transparency in addition to the very important topic of maintaining a nation’s security.”
The cloud computing business is estimated to become a US$131 billion market by the end of the year, and a $207 billion market by 2016. More than half will be outside the United States.
Based on the Cloud Security Alliance survey, the Information Technology and Innovation Foundation estimates the short-term costs to US cloud providers of the NSA/Prism leaks at $21.5 to $35 billion over the next three years.
Even before the NSA leaks, there was concern that data provided to US companies wasn’t safe from US law enforcement because of the Patriot Act. This has largely been confirmed by Microsoft’s admission that even European Union-based cloud data hosted by the company is subject to the Act.