The Edward Snowden case made me think about how organizations are handling data today, and how I’m handling and storing my own personal data. According to Snowden, the NSA’s surveillance programs, which Snowden exposed, allow the government to tap into anyone’s data with the consent from the major cloud players. Edward Snowden went further and said that Google, Facebook, Apple and Microsoft gave direct access to NSA.
I personally have nothing to hide, and I don’t care that my data is exposed. I know that at the moment I plug my computer to the Internet I am in some way or another exposing myself and my data to the outer world, but I am certain that many organizations would be concerned to the fact that the government has full access to corporate data stored on the cloud.
“The USA PATRIOT Act of 2001 is an Act of Congress that was signed into law by President George W. Bush on October 26, 2001. On May 26, 2011, President Barack Obama signed the PATRIOT Sunsets Extension Act of 2011, a four-year extension of three key provisions in the USA PATRIOT Act] roving wiretaps, searches of business records (the “library records provision”), and conducting surveillance of “lone wolves” — individuals suspected of terrorist-related activities not linked to terrorist groups.”
I am a technologist and I don’t want to get involved into politics and the reasons behind the USA PATRIOT Act. Of course I have my own opinions, but they don’t matter in the context of this article.
The reality is that if your organization uses some type cloud storage it’s likely that corporate data is exposed to the USA government, all it’s agencies, subsidiaries and potentially foreign countries to which USA cooperates with. That may include, but are not limited to the following services: Google Drive, DropBox, Box, Sky Drive, iCloud or any other cloud service where you do not own the encryption keys for your data.
On the other side of the spectrum, there are services like the new NZ based MEGA, from Kim Dotcom, which is responding to charges of criminal copyright infringement in relation to his Megaupload website. Unlike the industry norm where the cloud storage provider holds the decryption key, with MEGA, you control the encryption, you hold the keys, and you decide whom you grant or deny access to your files. MEGA is not alone in the private encryption key business, competing with SpiderOak, Mozy, Carbonite, CrashPlan, iDrive amongst others. However, these cloud based services are mostly backup and recovery tools, not offering a multi-device ecosystem and most importantly, enterprise-grade collaboration tools and features.
Crumpled DATA under a mattress
According to CBS News research, as many as 28 million people in the United States are forgoing traditional financial institutions because of mistrust, cultural and language barriers or a belief that by the time all the bills are paid there will be nothing left in an account. If you think,about it, the scenario doesn’t sound that much different from the Snowden story in relation to trust to cloud services.
The VMware Horizon Workspace and Horizon Data can help organizations to overcome this type of data leak. With Horizon Workspace the data from end-points (tablets, phones, laptops, desktops and web) is synchronized back to the organization’s datacenter, where administrators can ensure they apply their own level of data encryption, backup retention and disaster recovery policies. This is a contrast to the cloud storage approach where administrators do not have to worry about such aspects, but on the other hand organizational data is safely stored under your management and control.
Another option is to use Horizon Workspace as a hosted service and ensure the service provider execute maintenance operations. Either way your company’s data is protected and shielded from a potential NSA review requests.
Despite knowing it’s possible nowadays to run analytics at that scale, and also knowing that the Obama administration is investing $200 million in big data research projects (Source), I doubt that unless there is a really good reason to tap into someone’s data the system would be used against ordinary people and corporations. On the other hand, there is no analytics to be done unless the NSA taps into all data available; and supporters of the USA PATRIOT Act insist that the dragnet surveillance has caught lots of terrorists.
Cloud computing is here to stay, not only because the model is more efficient and more cost-effective than the traditional IT infrastructure, but because it promotes the promise of specialization. Organizations need to learn that although certain workloads belong to the cloud, not necessarily all datasets should be out there.
A Comprehensive List of Big Data Statistics
Edward Snowden says Google, Facebook, Apple and Microsoft gave direct access to NS
Seven Myths About Edward Snowden, NSA Whistleblower | The Nation
Disclaimer: Any views or opinions expressed in this article are my own, not my employer’s. The content published here is not read, reviewed, or approved by VMware and does not necessarily represent or reflect the views or opinions of VMware or any of its divisions, subsidiaries, or business partners.
This article was first published by Andre Leibovici (@andreleibovici) at myvirtualcloud.net.