Feeds

Don't panic! Mega cloud biz group says NSA just one among many threats

Don't quit our cloud, please

Protecting against web application threats using SSL

Enterprises are being told to not abandon the cloud out of fear of possible threats to their data security posed by US government snoops.

The Open Data Center Alliance (ODCA) has advised big companies the benefits of cloud – escaping their legacy IT – far outweigh risks of the National Security Agency pilfering their secrets.

All that’s required, the ODCA reckons, is some prudence from IT types on the type of cloud services they embrace and where they place their companies’ data.

ODCA chairman and secretary Mario Mueller told The Reg in a recent interview: “Companies should really think about what type of data they would like to put in a cloud and what data they would like to put into a private cloud.

“The easy decision is to put all my information into every place, but you have to know at least in the enterprise where information is stored and you have to have real-time access to your information."

ODCA is an independent group working on open standards in data systems, whose members include BMW, UBS, the Marriott Hotel Group and Lockheed Martin among others. Mueller is also vice president of IT infrastructure at BMW.

ODCA has published a Security and Privacy Position Paper following the slew of NSA documents leaked by former contractor Edward Snowden to the press. The ODCA paper (here (PDF)) contains lists of frameworks with a set of best practices and set of nine "use models".

According to Mueller, Snowden created “much needed debate” and opened people's eyes to the importance of their IT security.

However, Mueller reckoned, concern about keeping your data secure from the NSA is little different to keeping it out of the hands of others, for example hackers.

Mueller claimed he knew of companies who’d been using US cloud service companies and switched as a result of the Snowden revelations.

These included some who’d stopped using Microsoft’s Windows Azure service.

“That depends on the company and on what their position is,” Mueller told The Reg. “If a company is located in the US it’s easier to use the US service, but more and more of the cloud providers try to get hosted in Europe but still the Patriot Act tells them what to do. The enterprise has to decide what to do.

“If you have been working in this environment for many years and have the expert knowledge, you know all the risks. It’s not just Snowden. You have to secure your information all the time.

“The advice to members is clear: use best practice papers from ODCA and work with this,” Mueller said. “Think security from the start.”

The group's security paper comes amid a steady stream of reports and warnings that US technology companies stand to lose out thanks to the NSA's prying.

The documents leaked by former NSA sysadmin Edward Snowden centred on the agency's massive hoovering up of data and its tapping of data centres and telecoms lines used by large US service providers.

This was done both with and without the knowledge of US tech companies, the leaked documents alleged.

The Information Technology and Innovation Foundation (ITIF), a group of high-tech companies patronised by senior US politicians, last year claimed in a report (PDF) that the US cloud industry could lose between $22bn and $35bn in the next three years as a result of international concern over the NSA revelations.

Late last month, the German government told reporters it was cancelling its contract with US telco Verizon and would ink a deal with home-grown carrier Deutsche Telekom. It cited Verizon's ties with the NSA as one of the reasons behind the move. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.