Snowden Affects the Cloud Security Market

Snowden’s revelations, according to many advanced users, will render the Internet as untrusted. From this loss of confidence most affected are the “security as a service” providers, who sells the Internet security services.

Many users are really confused by the revelations of the recent months in part. There is hardly a day without bad news about the vulnerability of our modern information systems. Despite all had the prior knowledge about privacy but it was just a surprise to know the scope and intensity of monitoring techniques. “End of the Internet” has never been apparent, but at least the “End of Cloud Computing” has been mentioned, which is already regarded unsafe in various EU and Asian countries. E-mails, web pages-views, activities in social networks : almost all of the personal Internet activities are scanned and obviously as an essential part of the scheme, the is data stored. A trusting, let alone confidential communication between companies seems not to be really possible.

The development of the young “Security as a Service” (SECaaS) industry has been affected much, which seems to have almost overnight lost to the business model. In principle, it is not a bad idea to sell security services and expertise over the Web. It allows not to follow “must to maintain expensive experts” trend to any business. The question arises now is, rather how safe can be these services if they use the lines which are monitored. Everything rises and falls with the encryption of the transmitted data, so the question of whether they are accessible only to the sender and receiver.

Snowden Affects the Cloud Security Market : Client Side

The body responsible for such questions, Federal Office for Security of Information (BSI) is a little surprised by Snowden’s publications. What is technically feasible, is done is the summary of one BSI spokesman. To protect the data, as they says, what is possible with cryptography, is sufficient, but should also be applied. They refers to the recommendations of the in-house algorithms catalog on encryption techniques. As per their sayings, even in the light of recent findings on the monitoring of the Internet there is no need to adjust.

Encryption of communication alone would not solve the problems anyway. Even an encrypted message, for example contain spyware. Therefore, for example, see the concept of “IN-mail” checking of message content for malicious code through trusted provider are done before. The far bigger issue the BSI sees on the client side, i.e. at the endpoints of communication, where information is/are decrypted. The clients must be regarded as notoriously vulnerable due to the complexity of the software and the necessary cost of patch. This is also one of the reasons why SECaaS concepts would win in the future as more important, obvious but paradoxical. Another reason is the increasing shortage of IT security experts.

Snowden Affects the Cloud Security Market : Pensive Provider

Who may establish SECaaS, should strive in all cases to ensure a high level of data protection. After all, all American service providers are committed by the Patriot Act to cooperate with the federal authorities following the events of 11 September 2001. No supplier under U.S. jurisdiction can resist the so-called “National Security Letter” which is issued by a secret court and may require them to remain silent. In this situation, The Federal Data Protection Act also prohibits SECaaS vendors to issue customer data, unless it is a publicly verifiable court order.

The aforementioned security of data encryption, even if has minimal errors in the encryption; could compromise safety. Moreover, there is a theoretical residual risk that the security of encryption could be offset by the discovery of a counter-calculation method not revealed yet. But currently there are no signs, since the use of such a procedure would certainly attract attention.

The biggest security problems is rather on the side of the mobile devices, where the boundaries between business and private use are blurred. The classic idea of ??the perimeter of boundary of the internal network by means of firewalls, is more like a “holey fence”. Remedy is only to encrypt the smartphones and tablets.