Recent revelations (mid-2013) of data collection by the NSA (PRISM) and GCHQ (Tempora) in cooperation with the biggest computer companies in the USA have made us aware of the massive scale at which the privacy of companies and individuals is being infringed. Here we take a look at what this means for European enterprises and what options they have to protect themselves against the large-scale industrial espionage that is going on.
Most of us assume that as long as we do no wrong or nothing illegal, we have nothing to fear. This article “Yes, NSA surveillance should worry the law-abiding” in the Guardian, one of the UK’s leading newspapers, sheds some light on why we should not take this for granted.
Unfortunately, business and industrial espionage is one of the biggest areas of activity of today’s intelligence agencies, even among countries that are otherwise friendly and share the same political ideals.
What does this mean for European companies?
If you are using computing and storage resources hosted in the USA or UK, you need to be aware that the intelligence agencies of these countries can spy not only on your data but also on the access patterns of the users of your data. Watching the access patterns to company confidential data can quickly reveal who is using such data and how important it is. For example, confidential data exchanged with business partners under non-disclosure agreements can cause serious damage when it ends up in the hands of competitors.
Product innovations, future patent filings or project bids are coveted targets of industrial espionage. Having this sort of data hosted in a country whose intelligence services can “persuade” a cloud provider to share data with them is a huge security risk. European companies, especially those on the continent, should seriously look at European cloud hosting to avoid being at the mercy of such pressure tactics by foreign intelligence services.
As a European company, what can you do to improve the security of your data?
- Use a cloud provider in a safe continental European destination with strong data privacy laws like Switzerland. It is important that your cloud provider cannot legally be coerced into parting with the data of its clients without a proper reason.
- Encrypt all data transmissions: make it difficult to eavesdrop on your communications.
- Use industrial-grade encryption for all data storage: this will make it very difficult to access information even if access to a hard disk is gained somehow.
- Use industrial-grade encryption for all backups: don’t forget that gaining access to your backups is as good a way of getting confidential information as the real thing. So backups also need to be specially guarded.
- Audit your Disaster Recovery plans to identify potential weaknesses that may allow access to sensitive data.
We will take an in-depth look at the safety of European jurisdictions for companies in a separate, detailed upcoming blog post.
About Safe Swiss Cloud:
Safe Swiss Cloud’s mission is to provide organizations in Europe with a safe cloud computing alternative which is not subject to unnecessary snooping and misuse of data.