NSA PRISM: The cloud laughs at the tin foil hat brigade

NSA PRISM: The cloud laughs at the tin foil hat brigade

Summary: I hate to break it to you guys, but the government just isn't that into you. Moving your organization's applications and workloads to the cloud from a traditional on-premises model fundamentally changes nothing about the impact of NSA surveillance on the enterprise.

SHARE:
107

So the big story in the news is that the conspiracy theorists got it right -- the National Security Agency is, in fact, collecting and performing analysis on massive volumes of data about the electronic communications and digital footprint of everyone in the United States that participates on the Internet.

tinfoil-hat-and-tv
Image: CBS Interactive/ZDNet

As I wrote earlier, this should not be a surprise to anyone.

The NSA has been involved in widespread electronic surveillance programs since its secret beginnings at the end of the Truman administration in 1952, and has constantly increased its surveillance footprint as the secretive organization moved from more of a SIGINT (Signals Intelligence) role to more of an ELINT (Electronic Intelligence) role since the Internet and various social networks and online services became a more prevalent form of communication than analog and digital telephony, among others.

My colleague and networking columnist Steven J. Vaughn-Nichols jokingly suggests that individual end-users can minimize the impact of the NSA's surveillance programs on their person by among other things, abandoning the use of cloud services.

Be afraid! Ditch the cloud! Anonymize everything! 

I hate to break it to you guys, but the government just isn't that into you. And this recent revelation about PRISM and other wide-ranging NSA electronic surveillance programs, while disturbing, fundamentally changes nothing about an overall shift to cloud-based computing.

ZDNet's Ed Bott discussed a more balanced approach to dealing with the NSA situation by embracing the practice of minimizing one's electronic footprint.

But really, even if everyone were to go about practicing safe web browsing and using high-grade encryption on cloud storage for retaining high-value impact documents and keeping them away from prying eyes, the NSA has resources that can overcome much of the concealment efforts any particular user could attempt to employ if it decides you truly are a target of interest.

Let's forget about the paranoia of individual citizens for just a moment and get to more pressing issues — the concerns of large enterprises in a world where all electronically transmitted information can potentially be reviewed by the government for suspicious activity.

Yes, the notion of having an enterprise's data being intercepted by the NSA and other intelligence agencies is disturbing.

But it's not like this just started happening, it's been going on for at least the better part of a decade if not longer. We have to assume that electronic surveillance of upstream data at large telecoms providing the WAN and extranet connectivity to private datacenters has also been intercepted, through secret programs and through legal mechanisms such as FISA orders.

Moving your organization's applications and workloads to the cloud from a traditional on-premises model fundamentally changes nothing about the impact of NSA surveillance on the enterprise.

This is nothing that you can realistically control, and you need to continue to operate your business as usual.

But most importantly, an enterprise has other pressing concerns which trump anything the tin foil hat crowd, now partially vindicated, can come up with.

And those concerns and drivers are ever-pressing requirements to reduce the on-premises footprint of your company's infrastructure as well as the simultaneous need for your ability to be agile and provision resources on-demand.

And in an age where every little bit of an enterprise's IT infrastructure cost is being heavily scrutinized by the CFO and its horde of bean counters, while simultaneously requiring the capability for self-service and highly automated processes to reduce human overhead in IT management, concerns of being spied on by the National Security Agency should be the least of your problems.

So yes, the NSA situation with PRISM and its other programs which we have to assume that dig deep into our national telecommunications infrastructure is stinky.

But honestly, I would be much more concerned about individual hackers that work with sponsored entities of other governments or those working for criminal organizations having the potential to penetrate your application data than the NSA.

But investing in cloud doesn't necessarily make you more exposed, particularly if you are working with a provider that can give you a virtual private cloud infrastructure with higher SLAs than what is available in public cloud implementations.

Additionally, you want to pick one which can offer you end-to-end high-grade encryption VPNs, via accelerator appliances and software-based solutions from your on-prem systems to your cloud-based apps through your extranet connection.

It should also be noted that by moving line of business applications to the cloud, you can use this as a "Green Field" opportunity to move them to IPv6, which includes support for end-to-end encryption through mechanisms like IPsec which are implemented in the IP stacks directly from the OS vendor.

Current OSes that support IPSec include Microsoft Windows Server 2012 (and earlier), Linux distributions with 2.6.x kernels (such as RHEL 6 and earlier), UNIX operating systems such as AIX, HPUX and Solaris and BSD, as well as Cisco's IOS core router operating system, among others.

IPsec features from supporting vendors may differ, however, so you'll want to look at them closely if you're considering end-to-end encryption between your server resources.

IPv6 is coming anyway, you'll eventually be forced to deal with it at some point and it's far less of a bear to deal with if you migrate the apps to a cloud provider.

This gives you the benefit of being able to remediate what is needed to make them work with IPv6 in an untarnished environment rather than trying to re-engineer the apps to function on (and possibly disrupt) your on-prem infrastructure instead.

So yes, the NSA gives organizations something to think about when it comes to implementing security across the board. But it's not going to stop a tidal wave trend of wide-sweeping reduction of overhead in both on-premises infrastructure as well as human resources, and the need to be agile at the pace that the business demands.

Has the NSA scandal put a black mark on private and public cloud implementations, or will the reality of business drivers make enterprises proceed as usual? Talk Back and Let Me Know.

Topics: Cloud, Networking, Security

About

Jason Perlow, Sr. Technology Editor at ZDNet, is a technologist with over two decades of experience integrating large heterogeneous multi-vendor computing environments in Fortune 500 companies. Jason is currently a Partner Technology Strategist with Microsoft Corp. His expressed views do not necessarily represent those of his employer.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

107 comments
Log in or register to join the discussion
  • How stupid are you dude?

    NSA can read all information from any user worldwide without any efforts as long the user is subscribed any US-based service and could do massiv big data analysis, eventually getting to know everything about users in any country.
    And, in particular, about the enterprise. This knowledge, traded to the right people, could obviously influence business descisions or even ruin economies.
    Riots could be started in an Agent provocateur manner much easier if it is know which people are prone to astroturfing and governments could eventually be forced to resing - Prism is a incredible strong weapon!
    Of course, if *any* secret services decides you to become a target, you`ll end up under surveillance, whichever security method you use. Encryption is still save, but they could still e.g. hack into the backend to grep the unencrypted stuff from there. Pretty obvious.
    But it`s all about the big picture - about infrastucture, trending topics, relations between people, the big data in total.
    No one does really want any government to know that much about peoples communication habbits and social interactions. It is like in 1984.
    I still don`t get why the streets aren`t full of people protesting against the NSA arbitrariness. If something similar would have come to light in Europe I`d be sure hundreds of thousends people were on the street protesting!
    hacho
    • You aren't really helping...

      ...by coming onto the internet, you yourself have just made yourself a target. Keep an eye out that window, we're watching...
      MediaCastleX
      • no no ... target me...please!

        Let's see...
        China...USA...China...USA
        Can you spot the difference?
        Do you remember how high and mighty Google was in their issues with China and now with the US we see that google has round heels (that means an easy push-over).
        China...USA...China...USA
        Can YOU spot the difference?
        I can't, but then maybe I am just a blind self-taught lawyer.
        Bradish@...
        • Actually Hacho beat me to it

          You are incorrect in your assumption that the Tin Foil Hat brigade is that concerned about being personally monitored as their laundry is nowhere near as dirty as those doing the monitoring.

          Anonymous, Wikileaks, Manning, and Snowden are just the beginning of a massive approaching tsunami of whistleblowing that they are desperately trying to prevent.

          Many have been watching the surveillance society develop for decades now so none of this is a surprise to them. They are not so self-absorbed to think that ‘the government is into them’ and that is why the paranoia label doesn’t necessarily stich as well. Though I wouldn’t put it past anyone with access to the stored data to find and persecute that person that accidentally cut their daughter off on the freeway just because they could.
          The real problem though is that there have been indications spanning the decades that there is more to this than something that is in Americas best interests.

          Compartmentalized factions have split off and are using it to protect their criminal activities. Fact of the matter is that it is extremely well documented.
          Astringent
        • Exactly

          Plus, the already small differences get even smaller with every civil liberty our government eliminates. The only difference is China is less covert in their monitoring and abuses. When dissidents are jailed in China, they announce it. When a suspected dissident is sent to Guantanamo they simply disappear off the streets without even telling their family. There is no trial. All they have to do is label you a security threat (whether true or not) to put you away. Several families have had to fight like crazy to save their falsely-accused loved ones from that prison camp.
          BillDem
          • another media-like generatlization

            Provide names or shut up.
            sigrossman
    • wow

      That actually hurt to read man. I think proof reading your rant before clicking the submit button would be a good idea from now on.
      Godmocker
  • Perhaps...

    ...deriding cloud skeptics as the tin foil hat brigade isn't a good way to address their concerns.

    I do think that MS corporate culture is starting to rub off on you and this is not a good thing. You're starting to sound like the folks who insist we all have to run out and buy Windows 8 because it's The Future.
    John L. Ries
  • Tin foil hat, LOL

    Silly blogger don't you know that Titanium works far better than tin foil?
    DancesWithTrolls
    • Would it?

      Mind you, real tin foil is hard to find any more (aluminum definitely wouldn't cut it).

      But stainless steel will block beta particles (you need lead to block gamma rays), so maybe it would protect brains from external tampering as well.
      John L. Ries
      • Chuckled at that one

        I can just see everyone on the streets walking around in Magneto-style helmets. :)
        BillDem
        • I was thinking of stainless steel fezes

          NT
          John L. Ries
      • You need FEET of lead

        You need a lead shield FEET thick anyway to block gamma rays. But gamma rays are not used by any human technology to transmit information (HUMAN technology). But just give up, they're using quark-charmed neutrino beams anyway. ;-)
        jallan32
        • As far as most of us know...

          ...there are no human technologies that will either read or manipulate the contents of the human mind without the cooperation of the target. As I recall, real tin foil hat proponents were attributing these technologies to space aliens.

          But were you to believe in such things, low level gamma radiation would be as likely a medium as any. It certainly would have the advantage of penetrating aluminum foil (I don't think I've ever seen real live tinfoil); thus frustrating the efforts of savvy earthlings to prevent brain tampering.
          John L. Ries
  • That is until they are.

    "I hate to break it to you guys, but the government just isn't that into you."

    I have no doubt the NSA doesn't give one wit about me. At least for now. But what if they should become interested in me? That's what worries me.
    ye
    • What's worse

      What if you flunk one or more of the NSA's models, causing the feds to pay more attention to you? There are such things as false positives even with the best models, and I doubt these are anywhere near that good.
      John L. Ries
    • The current persecution of unapproved

      political activities by ordinary citizens shows Perlow doesn't have a clue as to what he's talking about. The government is very much into you. They are monitoring all of us precisely so they CAN identify "enemies of the state," with enemies being designated as those with unapproved political viewpoints.
      baggins_z
      • And just think...

        ...of the wonderful precedent we've set to allow the next Republican president to turn the tables.
        John L. Ries
        • What makes you think there will

          Ever be another Republican president?
          baggins_z
          • Patterns haven't changed

            The last Democrat *elected* to succeed another as President was James Buchanan in 1856. The most consecutive presidential elections won by the Democrats is 5 (1932-1948; also the only time since the Civil War the Democrats have won more than two in a row). You might also remember that the Republicans still control the House of Representatives and the Democratic majority in the Senate is quite small.

            Furthermore, since WWII, neither major party has won more than three presidential elections in a row. It was widely claimed back in the 1980s that the Republicans had a lock on the Electoral College, but that was poppycock too.
            John L. Ries