Gartner analysts Jay Heiser, Lawrence Pingree, and Carsten Casper just published a research report on one of the most hotly debated topics in cloud computing – Who’s Afraid of the Patriot Act: Law Enforcement and Service Providers, where they outline their key findings and recommendations.
Implications of the USA Patriot Act are a commonly expressed reason why non-U.S. buyers avoid the use of U.S.-based or U.S.-owned cloud or SaaS services. These concerns extend to non-U.S. subsidiaries and affiliates of U.S. companies.
The report mentioned that in a recent Gartner survey, 14% of service providers indicated that they had received a Patriot Act request from the U.S. government. However, the report also states that the lack of judicial oversight makes it impossible to really know the extent to which the U.S. government is using the provisions of the Patriot Act to secretly examine customer data.
Their top 2 of the 5 recommendations were:
• Use encryption to protect any sensitive data stored outside of organizational control.
• Maintain direct control of encryption keys.
Here at CipherCloud, we couldn’t agree more! We too are seeing data residency as one of the major roadblocks to cloud adoption in enterprises. There are also concerns around inadequate control, data privacy, security and compliance, which are also slowing down adoption of cloud innovation. Enterprises are trying to limit the use of public cloud or SaaS services to only a few applications with non-sensitive data. We believe every enterprise buyer, whether US or non-US, should do due-diligence before deciding to send their sensitive data, including their customer data, in clear in the cloud, and take a look at a new and innovative technology, cloud encryption gateway, that gets installed on-premises to encrypt sensitive pieces of data in real-time w/o breaking cloud applications while providing customer full control of encryption keys.
The report is a must-read for non-US and also US buyers of cloud or SaaS services.