Geoprise Foresees Diminishing Business Confidence in Public Cloud Services Following Revelations of US Government Surveillance

Share Article

New research finds that legitimate businesses of all nationalities bear full responsibility for data security, yet are powerless to prevent data leaks when using US-based public cloud services. For many, revelations of pervasive US government surveillance will expose risks that overwhelm the public cloud's benefits.

US government surveillance of the Internet poses a major threat to the fast-growing cloud computing industry and its business users, according to research findings of a new study, “In Clouds We Trust? National Security Disrupts the Cloud Computing Risk Landscape” released by Geoprise Technologies today.

“It has suddenly become clear that public cloud computing carries greater financial and operational risks than most people ever imagined, and these risks may far outweigh the business opportunities and benefits for providers and customers alike,” said Nelson Nones, Geoprise Chairman and CEO. “The consequential threats will be taken so seriously that businesses could abandon cloud computing services going forward – or refuse to consider them at all – because they have little or no control over the risks.”

The crux of the problem, according to Geoprise, is that US-based software and services firms have penetrated the global market by joining the US-EU Safe Harbor program, which brings providers in the US – which does not satisfy EU “adequacy” standards because it has no national data privacy laws – into voluntary compliance with regulations in Europe and a steadily growing list of Asia-Pacific countries that protect “data subjects” of all nationalities, everywhere in the world.

But businesses who utilize US-based public cloud services even though they know that the US government could secretly compel their providers to hand over Internet content without a warrant may, in fact, be culpable for neglecting their duty of care to prevent unauthorized disclosure of personal data that is imposed upon “data controllers” who are established, or who process personal data, within those territories. Typically, cloud service providers are merely “data processors” who can transfer their customers’ data to and from US data centers as they see fit to fulfill their service level commitments. Under typical service contracts, the customers are responsible for making sure their providers follow the rules, and are consequently liable for any penalties and sanctions assessed by non-US authorities as a result of security breaches caused by US government surveillance. And even when businesses don’t have to comply with local regulations, they need to safeguard their own data and, should a security breach occur, they might also be liable for damages under commercial contracts that protect confidential data belonging to their customers and suppliers.

“Because they cannot restrain their service providers from transferring data to the US, these businesses are powerless to prevent security breaches, or truly understand their exposure to such risks,” said Nones. “Nevertheless, they remain fully liable for the consequences. Until last week, the risk seemed quite manageable for legitimate businesses who conscientiously follow the rules, but the apparent breadth and scale of US government surveillance has shattered this illusion. As long as the US government continues to secretly obtain huge amounts of Internet content, they could try to defend their information assets using strong encryption technology, but our research shows that very few public cloud service providers support encryption, and those who do support it require their customers to make large up-front investments in on-premise systems. The only other fail-safe options are switching to non-US providers, or cancelling their cloud subscriptions.”

Those choices, according to Geoprise, would put the once-promising public cloud services industry under direct threat. Globally, the industry was expected to generate USD 120 billion of new revenue per year (excluding cloud advertising) between 2013 and 2016, with nearly 60% (USD 70 billion) originating in the US. “A sudden collapse of trust in US-based providers would certainly trigger a sizeable contraction of demand for public cloud services, leading many providers to re-think the business case for offering cloud computing services,” Nones commented. “Looking further ahead, such disruptions might motivate a fundamental restructuring of the business model upon which most public cloud computing services are built and offered.” In short, the Geoprise report concludes, the cloud computing industry might not survive in its present form.

Additional information is available in the report: “In Clouds We Trust? National Security Disrupts the Cloud Computing Risk Landscape,” which is available on the Geoprise Web site at

About Geoprise

Geoprise Technologies focuses exclusively on delivering top-quality expertise and technology solutions for businesses operating in Asia and the Pacific Rim, Europe and North America. The firm concentrates its expertise in two practice areas, strategy and operations and information technology, while maintaining strict independence from other professional firms and technology providers.

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Follow us on