The NSA's impact on US datacenter hosting


Summary: Will all these revelations impact the datacenter hosting business?


In a survey of potential Canadian and UK datacenter customers commissioned by Canadian-based hosting provider Peer 1, 25 percent of the respondents indicated that they were planning on moving their data outside the US and, hopefully, out of the reach of the NSA.


The independent survey of 300 datacenter customers also indicated that their overall trust in hosting providers was negatively impacted by the entire NSA debacle, with more than half also distrusting the public cloud in general. This contrasts oddly with the 81 percent who made a point of wanting to know exactly where their data was being stored, a requirement that undermines the concept of cloud-based storage to a certain degree.

Despite the concerns over the activities of the NSA and the overall opinion that the strength of a country’s data security laws is a paramount issue, the US remains the most popular offshore destination for the rest of the world’s businesses to store their information. As might be expected in a survey of businesses in the UK and Canada, their own countries were the most popular place to store data, but the US remained the most popular other location by a huge margin. But regardless of the trust levels, almost two-thirds of customers were looking to migrate their data back to their own country within the next five years.

On the positive side, the high profile of the NSA issues and the Snowden incident has made many datacenter users more aware of the issues surrounding data security and, for the majority of those surveyed, highlighted just how little they knew about the security of their data. This contrasts with the same people acknowledging how important it was to understand data security, data security laws, and how that data security was being implemented by their datacenter providers.

To draw your own conclusions, the results of the survey can be found on Peer 1’s website.

Topics: Data Centers, Security

  • It's my understanding ...

    that the reason why U.S.-based storage is so popular is that surveys have shown that U.S. providers tend to have a lot better reliability and tech support.
    • but for every business is better to leave the USA

      but for every business is better to leave the USA
      the US companies should sue the fascistic secret FISA laws for destroying their business
      Jiří Pavelec
  • NSA and reach

    I doubt seriously that moving it out the US does anything other than making it a more open target.
    • not necessarily

      The NSA has been shown in this whole debacle to collect essentially all data flowing through US borders (which is more than just data hosted in the country), but that plus FISA court orders makes all the data in the country essentially at the fingertips of the NSA. And remember, this issue has as much to do with consumer opinion as it does with any real security risks, for which the NSA is, right now, a much bigger deal than other sources of security issues.
    • Not the point for them moving onshore

      Organisations have obligations to protect the private information they hold about their clients. One aspect of those obligations is to inform their clients in the event their information has been accessed without their authorisation. This allows trust to be maintained between the entity and their client.

      The Snowden thing has highlighted the fact the 702s and other secret court orders' existence threatens the ability of organisations to inform their clients in the event their information was accessed without authorisation. This is because the 3rd party provider is prohibited by the secret court order from informing anyone else, including the organisation.

      This creates an additional legal problem for the 3rd party because the contract they hold with the organisation may contain a clause requiring them to inform the organisation in the event they discover their information has been accessed. So the 3rd party is in a no win situation, and may choose to fold like Lavabit did, creating additional risk for the organisation.

      Unfortunately, by moving onshore, organisations still won't have solved the legal problems because the US legislation ignores the location of the data - only the location of the 3rd party. So a US cloud vendor would still be in the same amount of trouble, and the organisation will have the same problem.

      Depending on the country the clients are in, they have rights to know how their information is being protected. They could choose to initiate action against the organisation if local obligations are not met, or may not be met.

      When any responsible organisation does its risk assessment post Snowden, it looks at the US and determines that whilst the likelihood may still be low, the consequences are very high, making the risk unacceptable without treatment. Unfortunately the most viable option the organisation has to treat the risk is find a new vendor owned and based onshore, or go for an in-house solution.

      The other risks like malicious attack do not vary much overall.
      • There is Always Risk

        I have to work in an area governed by HIPAA/HITECH, CJIS and PCI-DSS rules/laws. Technically, we can't use most public hosting because the hosting services refuse to abide by these laws (Google, Dropbox, etc.). That is, they do not take any responsibility for the privacy of your data and even claim they have a right to do whatever they want with it including public display. In many cases, your data is already overseas with these providers. I'd actually feel safer with NSA holding my data than any of these providers who have their employees read all of your stuff.
    • Legal reasons

      There are also legal reasons. In Europe the data cannot leave the EU without written permission of all identifiable entities (people and businesses). Until now, a blind eye was turned to cloud services storing them in data centers around the world, but after the NSA scandal, the use of any service provider with an office or a server in the USA potentially opens the user up to prosecution.
  • NSA's impact on the World

    How much has the NSA cost businesses because of their illegal activities, (according to one Federal Judge), ordered by the President, according to the NSA, they were just following orders.
  • Makes sense

    US companies would do the same if they learned that Germany's secret services have a backdoor to read all data stored in German servers and don't even need a warrant.
    • It's worse than that...

      malcarada, the US Government can also get the data on German servers, if the owner of the server (cloud provider) is a US company or has any presence (local offices, servers etc.) in the USA.
  • NSA spying

    The NSA is pledged to collecting every digital trace of every individual world-wide. This amounts to the most powerful weapon ever invented. I can see no alternative but for the European Union, and China and other Asian nations, and many in South America to draw down an electronic curtain cutting off, as best they can, their electronic data storage systems from those of the United States. To do anything less would be to allow their own societies to become increasingly vulnerable to manipulation, and control at all levels by the NSA, and other security agencies of the United States. This will eventually lead to a recession in those regions of the United States that are currently undergoing a boom, due to the rapid growth in Cloud computing. Growth in Cloud computing will continue but will be circumscribed within national and regional borders, and will be limited in the future in comparison to current projections.
    Richard Kerr_412
    • NSA Spying

      "I can see no alternative but for the European Union, and China and other Asian nations, and many in South America to draw down an electronic curtain cutting off, as best they can, their electronic data storage systems from those of the United States."

      And don't you think that those countries' own security services aren't doing much the same thing to information passing through their borders?
      Ian Sargent
      • Spying conducted by other nations

        Yes, they absolutely are. They are doing as much spying as they can. The United States is just so very good at it, and less information from the United States is stored with other nations' data systems. The United States has had a tremendous head start in all things related to the internet, and data storage. Therefore, until some parity is reached, the other nations that can afford to will shun the data storage companies of the United States.
        Richard Kerr_412
  • IT will likely make a difference

    I don't think the overall trend in internet usage will change from its current trajectory.

    However, the public now *knows* that this has been going on, rather than just thinking it probably happens. This will change their perceptions and hit companies that are seen to be too complicit or not seen to be defending their customers robustly enough.

    For a good example of how companies should not behave, look at the Ford briefing given at CES. Also note just how quickly they tried to "undig" the hole. However, the idea is now in my head that car owners are being constantly monitored by Ford.

    Where US companies will be hurt is in dealings abroad. The US government seemed to forget that when it tried to assuage its own voters by saying that it did not apply to US citizens or people living in the US (other than Verizon customers, it seems), they forgot that they implicitly included the majority of Microsoft, Google and Apple customers.

    I predict you will see key contracts not being awarded to US companies and maybe some current ones being scrapped.
  • Information wants to be free

    and when the potential gain from captured information is far higher than the resources put into keeping the information shackled (this being the case today), all worthwhile information will find a way to escape. Example: the Target hack. Target is the 2nd biggest retailer in the U.S. - they had plenty of resources and expertise to secure their data. As I understand it, the SYSTEM failed them because the transfer of POS info is fundamentally insecure. Nevertheless, they could have done more to protect it.

    The cloud in general, and the U.S. cloud in particular will suffer for a while... but any server connected to the net in any way is still vulnerable, and BYOD is making it totally impossible for a company to really keep its data off the net. The NSA will try harder, other govts. will try harder and eventually the Snowden dump won't matter. The light of transparency is dawning, and nobody can stop it.
    • As I've said Before

      I'd rather have the NSA look at my stuff than Google, Dropbox or any other cloud provider with employees that have no background check and exist all over the world while they read everything you put up there (so they claim).
  • Illegal Cloud Usage

    Privacy legislation in many countries prohibits the crossing of national borders with someone's private information (including in Australia where I live) without direct consent. And yet many organisations use cloud for Email or data hosting that host data in the USA or anywhere else other than the country of origin - think Gmail, Dropbox etc.
    That moment someone sends an Email to them with private data on it (perhaps as simple as a home address or telephone number) the organisation is breaking the law with direct criminal consequences (not just civil).
    It gets worse at least in Australia. Even if the data centre is in Australia but managed/owned/operated or controlled by a US corporation. The US Patriot Act means that the use of that data centre is also criminal as the organisation holding the data cannot comply with Australian privacy law due to its obligations under the US Patriot Act.
    To date people and organisations seem to be ignoring this problem. Someone down the line however is going to test this in court and the implications are serious. Unless the laws are relaxed people will go to jail.
    Australia has been reviewing its privacy legislation. You would think that might cause people to relax. In fact people should be more worried as the rules are being tightened, not relaxed.
  • Will the NSA care? will it technologically matter?

    Move them wherever you want... as soon as the data comes into a pipe controlled or connect'able-to'able by NSA computers... let alone into the US itself, the NSA can, and seemingly *will* access it.

    What good is an unbreakable key or combination when it's connected to a safe that's made out of wood? Sure you can't break the key. who cares? you can just drill into the safe some other way... it's wood after all.

    My point being, the NSA has clearly shown that it not only doesn't care, but that it doesn't have to care.... the entire might of the US government behind it... and its military. What country does it matter that it's in?

    If it's being accessed such that it's being brought into the US, the NSA can access it. If it's being accessed via a network that US investors can partially own, it can be reworked such that it can be routed through computers the NSA can access. If it can't? it can be hacked into by drilling into the cable somewhere along the way. If it's encrypted? Well, that's only as good as the encryption approach itself. If access can't be brokered via the companies directly, then their computers can be hacked. If their computers can't be hacked, then the lines running into them. If not the lines then the computers on the receiving end. If not those directly... then passively via electron bleed from the monitors or the sound pick up from their keyboards... or their webcams/mics... or their cell phones cameras/mics.... Sure it becomes a bit harder, requires a bit more dedication, and definitely requires more resources (thus money), but... if 'they' want to get it, I'm not entirely sure they'd have a problem figuring out a way to.

    Security is, like privacy unfortunately, quickly becoming something of an antiquated concept in this day and age. If D-Wave is selling 'quantum computers' to the public... then what do you think the government is capable of inventing in private? the whole concept, at this point, is ephemeral if not already past.