Survey: Cloud Computing Grows Despite Data Privacy, Security Concerns

Government spying has not crippled the adoption of cloud computing services such as Amazon's (AMZN) AWS platform. That's what Wired reported late last week, in a reminder that security and data privacy in the cloud may not be as important to enterprises as many of us like to think.

Amazon's cloud business expanded by 62 percent over the past two years, according to an independent study, and Edward Snowden's revelations last summer about data snooping by the National Security Administration had no perceivable impact on that growth. Wired takes this as evidence that enterprises are unconcerned about the threat of government intrusion into private data.

That's one way to look at it. Another is that the potential of NSA spying is not very significant, since the cloud would hardly be secure even if the NSA didn't exist. In other words, government surveillance of Internet data is only one of myriad threats to security within the cloud. When you upload information to AWS (or any other public cloud platform), you're putting your faith in Amazon (or another host) not to snoop on your data. You're trusting the people who wrote the virtualization hypervisors, cloud-hosting and operating-system code didn't engineer any back doors into your data. You're counting on all of your information to remain encrypted with unbreakable keys when it is passing through networks and storage nodes that you don't control. None of this is an issue with in-house servers.

This is to say that data in the cloud is inherently unsafe, and any organization that runs anything in the cloud should be acutely aware of this fact. But many enterprises either are not aware or don't care, if the steady growth of the cloud market is any indication.

There are, therefore, two potential conclusions to draw from the enduring popularity of the cloud even in an era when the ability of third parties to sniff data is widely known. The first is that decision-makers who move data to the cloud simply are not fully aware of the security challenges or don't understand their seriousness. That's unlikely, since it's hard for anyone with a basic understanding of how cloud computing—and the Internet in general—works not to appreciate how moving information to the cloud opens up a host of new paths for malicious parties to compromise it.

The second, and likelier, possibility is that the benefits of cloud adoption simply outweigh the security concerns, in the assessment of enterprises. From this perspective, the growth of the cloud despite data-privacy threats is a testament to just how much value it can add to IT operations by offloading computing to out-of-house infrastructure. It's also a sign that the cloud isn't going anywhere anytime soon. After all, if the NSA can't put a dent in it, who can?