Questions about data governance loom large for CIOs considering a move of primary business functions to services such as AWS. “Amazon AWS, for example, for all its benefits, is the poster child for data governance red flags to CIOs. Its SLAs are tuned for self-service and scale, not for customization and aligning with the edicts of most mid- to large-sized organizations,” said Vellante in Eleven Questions to Consider Before Moving Tier One Apps to the Cloud.
However, the recent revelations about the U.S. Government’s National Security Agency's use of the U.S. PATRIOT Act to obtain electronic data from third parties like AWS and other cloud providers have given CIOs pause when turning to public cloud options.
In June and July of 2013, the Cloud Security Alliance found that 10% of its members surveyed had cancelled a project with a U.S.-based cloud provider and 56% indicated that they would be less likely to use a U.S.-based cloud service provider. While the PRISM fallout is still unfolding, the Information Technology & Innovation Foundation projects that the U.S. cloud computing industry could lose between $22 billion and $35 billion by 2016 as CIOs are soured by the notion of PRISM gaining hold of sensitive business data.
Obviously, CIOs could easily be compelled to hand over data from their private clouds through the PATRIOT Act, but in those instances, they would be informed of the transfer of information to the government through a federal subpoena. By contrast, the PATRIOT Act specifically prevents SaaS providers from notifying their customers about any data seizures.
Action Item: CIOs should contemplate how the organization feels about unauthorized – at least in their opinion – data interception by the NSA when using Google, AWS and other public cloud options.