The recent revelations leaked to the international press by whistle-blower Edward Snowden regarding the scale of the US Government’s data surveillance programme have raised major concerns about the security of information stored in the Cloud, causing some to question where this leaves our basic human rights to privacy (a subject Egress CEO Tony Pepper has previously discussed
The latest reaction has been the closure of two high-profile secure email services, Lavabit (a former favourite of Snowden’s for sharing information securely) and Silent Circle. Their reasoning? To avoid becoming ‘complicit in crimes against the American people
’. In fact, Ladar Levison, Owner and Operator of Lavabit, has declared that:
‘This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.’ (http://lavabit.com)
What does this mean for the future of Cloud-based data security?
It remains to be seen whether these latest developments have any lasting impact on Cloud security; however they do raise questions over data residency and the laws that companies and their data fall under.
Levison’s caution to avoid companies with physical ties to the US is a thinly veiled remark about the Patriot Act. Formed in the immediate wake of 9/11, the act enables the US Government to gather information on US and non-US citizens, granting them access to all data within the country and that of sister companies based outside the States or those using US subsidiaries for data processing. Fortunately in the UK, however, the Data Protection Act comes with various caveat
s that offer citizens greater protection and assurance over when and why their personal information might be accessed. Of course, there is no guarantee that these laws won’t change over time, which is something that we should all remain aware of.
It’s my opinion that Snowden’s revelations will have a positive effect on Cloud security in the long term. Individuals and businesses have had their eyes opened, and arguably will proceed with much more caution in the future when choosing where to store their data, and with whom. Simply put, they need to be aware what laws can, and will, be applied to their data (including any backed up versions, which may reside in a different country), and whether these will safeguard their right to privacy.
This increased awareness can only be a good thing for UK-based companies, and specifically Egress, who offer a combination of cloud-based, hybrid and on-premise data storage solutions. Crucially, this type of flexible hosting platform gives customers choice over how and where their data is stored. Depending on their appetite for risk
, and the confidentiality of the information they manage, they remain in control and have the assurance of end-to-end information security throughout the lifecycle of their data.
Governments will always need to intercept communications and access data in the interest of national security, a fact that most people can accept as long as the necessary legal and constitutional steps have been taken.