Almost a month ago, allegations of widespread NSA surveillance sent shockwaves around the world. Cautious web users started thinking a little more carefully about what they do online, with social networks such as Facebook coming under fire for allegedly providing ‘backdoor' access for security services. Even the EU had to begin considering holding meetings in the Brussels sunshine as "disturbing" claims emerged accusing the NSA of bugging EU offices and hacking EU computers.
One of the other lasting consequences could be a dwindling trust in secure cloud providers. Neelie Kroes' EU speech warning of multi-billion euro consequences for cloud providers highlighted a very interesting point. In the wake of this scandal, there is an enormous opportunity for IT vendors to sell beefed-up secure servers to clients who hold sensitive information.
Kroes' extensive work on the EU's Digital Agenda puts her right up there as one of the most respected technology speakers in Europe, and her words on the cost of the scandal carry a lot of weight. "If businesses or governments think they might be spied on, they will have less reason to trust the cloud, and it will be cloud providers who ultimately miss out," she said. "In this case it is often American providers that will miss out, because they are often the leaders in cloud services."
Indeed, European corporations have always eyed US-based cloud companies with a little suspicion; taking all of your data and outsourcing it to a huge cloud corporation does rather take away control, something many CIOs do not enjoy.
But it's not just providers across the pond who are going to suffer. In a discussions in the House of Commons last week, former shadow home secretary David Davis alluded to the fact that countries with more stringent privacy laws, such as Germany, would see a benefit when it comes to data hosting, while countries the UK, where data spying concerns now exist, would see interest disappear. He also made very clear that he thinks current UK law was "completely useless" for UK citizens.
Countries outside of the EU also reportedly benefit from this. Switzerland, for example is well-known for its offshore-style private banking system, and this attitude is reflected in the IT sector. Outside of the EU, pan-European agreements for data sharing do not apply, with data only accessible after liability or guilt is proven.
Simply, in the same way anonymous search engines such as DuckDuckGo are rapidly gaining popularity, cloud solutions based in countries with better privacy laws seem to be gathering momentum.
One such company benefitting from a heightened level of paranoia is Artmotion, which touts itself as Switzerland's biggest offshore cloud provider. The company saw a 45 percent rise in demand for secure cloud services in the wake of the PRISM scandal, and while correlation does not mean causation, it certainly made for interesting reading.
With companies ranging from tobacco to tech, from oil to security firms, security and data privacy sit right at the top of their priorities list. Mateo Meier, the company's chief executive isn't surprised by the rise in demand for secure cloud systems outside of the EU.
"We have many clients saying they don't know what the government is doing, and those companies usually pay very little attention to the details of privacy," he explained. A staggering 80 percent of companies who host with Artmotion turned to them after a security breach, so turning to secure solutions seems to be much more like damage control than an initial priority.
In particular, Meier is noticing a large influx of UK-based companies requesting his services; he estimates in recent weeks that roughly 25 percent of calls have come from UK numbers.
"We fight for protection and honest business, and I think that's going to continue for the next few years," explains Meier. "Privacy is important but it will be more so in five or ten years. Money is replaceable but data is not."
The only problem with this is that just because laws exist doesn't mean they won't be broken. If proven true, the spying and wiretapping allegations from the last month are very close to the edge of the law, if not rather over it. The fact that strict privacy laws exist in Germany and Switzerland does not mean that government teams won't give it a go; it's just that the diplomatic consequences would be rather stronger with these laws in place.
If the revelations of unabated data access continue, it's entirely feasible that cloud vendors in countries without strict data laws could see their customer base dented. It just depends on how many more nasty surprises there are to come.
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal