The issues behind the NSA revelations continue to reverberate in the halls of IT shops as they look toward the move to cloud computing.  Although the NSA scandal is getting a bit old, the government keeps things going by not providing any guidance or reform.  Lacking those particulars, non-US companies are unlikely to trust US companies with their data anytime soon.  Some argue that’s a logical concern.

In response to the NSA issues, cloud providers hired lobbying firms to walk the halls of Congress and seek government surveillance reform.  These are not bit players, but brand names such as Microsoft, Google, and Apple.  Several companies that compete vigorously in the marketplace have aligned to form the Reform Government Surveillance coalition.  The objective is to limit federal intelligence authorities and introduce new oversight and accountability measures.

However, this is not just a cloud and mobile computing thing.  A recent report in the New York Times highlighted efforts on the part of intelligence authorities to insert radio frequency technology into computers and peripherals to expand their surveillance capabilities.  The report alleged the transmitters were added to computers already in the hands of users.  However, it also stated that hardware manufacturers had been complicit in installing these devices.  Nice.

Last month we learned that hackers allegedly used Amazon’s cloud hosting solution as a platform for a botnet that captured personal information from potentially millions of LinkedIn subscribers.  As revealed in a Washington Post article last month, four Amazon-hosted sites accounted for six percent of all malware found in the fourth quarter of 2013.

It seems cloud computing is getting a bad name.  However, look at these issues within the context of the successful use of cloud computing, and they fade into the background.  In the meantime, the surveillance and privacy issues are much more intriguing to us than talking about the rapid growth of AWS, or the new cloud delivered database from Google. And, yet, there is reason for concern.

We need to keep tabs on those who deploy identity-stealing software on cloud-based servers, or our own government that is evidentially performing questionable surveillance activities.  It’s okay to be paranoid about these types of activities.  The tinfoil hats are on for a reason.

Taking all of the successes and scares into account, the movement toward cloud computing continues, even if it slowed slightly from the rise of privacy and security concerns.  We need to find ways to work around these concerns, and morph into a market that maintains a healthy paranoia while it continues to progress toward a better state of IT.

A few things need to happen to move toward those goals:

First, the political movement to reform surveillance is a push in the right direction.  I suspect that we’ll soon have some laws on the books.  While these laws will not eliminate government agencies’ ability to get at the data they need to protect the country’s safety, they will place reasonable limits on those activities, and provide more transparency.

It seems logical to me that cloud providers should lead this charge, but there needs to be underlying and systemic support from US citizens as well.  Most citizens don’t know what a cloud server is, nor do they care.

Second, there should be more empowerment to define security to the end points.  This means enterprises define their own encryption and security infrastructure, and monitor their data within all physical servers, public clouds, private clouds, and traditional.

Many cloud providers brag that they rent out the storage locker, and give the key only to the renter.  However, a few keys have also been handed over to the government through the use of secret court orders and back-room deals.  That needs to end with reform, and complete control handed back to those who need to secure their data.

Finally, some type of organization needs to set worldwide standards around data privacy, perhaps creating and enforcing laws to protect data privacy.  While the political issues around this are daunting, the effort to come together on a few items, even by just a few countries, will send a much better and reassuring message to everyone.

These issues are not going to go away.  If it’s not the US, it will be other countries that attempt to monitor or steal data, for whatever legitimate or non-legitimate purpose.  So, we have to learn to deal with it, or lock up systems in the closet with no connection to the outside world.  Which will it be?