Friday, June 28, 2013

Warning U.S. Cloud Tenants: There's a Fox in the Henhouse

by Dietrich Schmitz

It's more than a bit worrisome not just for Amazon Web Services, but other Cloud ISPs as well as their customers who need to come to terms with the legality of what the disclosure of the NSA PRISM surveillance program means in pure risk management terms. (Image credit:

"What are the chances of an unforeseen issue causing extended interruption of service to my Cloud ISP infrastructure (vis a vis MegaUpload search and seizure), where I am potentially one of thousands upon thousands of tenants?"

"Is the threshold of risk acceptable given that currently the Patriot Act and National Security Letter allow intrusion and interruption of service at any time and without my being able to prevent it from happening?"

These questions should be on the minds of any domestic or international corporation at this juncture which depends on a U.S. domestic soil-based Cloud ISP for their business operations.

Data privacy should be a big deal in the U.S. but thus far hasn't been.

The situation is quite the opposite in the EU.  In fact, in Germany the level of insecurity is sufficiently high that European customers don't want their data exposed to the U.S. government Patriot Act.

One proposal from Reinhard Clemens, CEO of Deutshe Telekom's T-systems group would like certifications to enable the creation of super-secure clouds in Germany to safely isolate their data away from the U.S and the U.K. who work closely with the NSA. This cloud 'fortress' would allay the concerns of present tenants in the EU cloud who are applying due diligence to ensure that security standards are now tightened to eliminate any possibility of U.S. snooping.  In a comment made to Bloomberg by Clemens he said:

"The Americans say that no matter what happens ‘I’ll release the data to the government if I’m forced to do so, from anywhere in the world’ … Certain German companies don’t want others to access their systems. That’s why we’re well-positioned if we can say we’re a European provider in a European legal sphere and no American can get to them."

Americans are currently 'under the thumb' of laws enacted for 9/11 which no longer serve to protect our country.  Instead, they have overstayed their use during a tumultuous period of uncertainty over a decade ago.  Today, instead the laws are now being used to overreach government authority and violate basic privacy laws of the U.S. citizens.

U.S. Citizens have every right as taxpayers to reach our State Senators and Congress people to say we question the need for the NSA's PRISM program and we question the need to continue the Patriot Act and to state clearly that a new set of Internet standards of privacy must be set forth as a Federal mandate to keep government and other entities 'in check' from overreaching their authority in violation of the American's basic right to Internet privacy, including the data stored in the Cloud.

Clearly momentum is building for heightened security measures in the Cloud and movement away from U.S. jurisdictional authority is just one option current Cloud tenants have to consider.

-- Dietrich

Enhanced by Zemanta


Post a Comment