Your digital footprint through a PRISM

SpyingPRISM is a surveillance program used by the U.S. National Security Agency (NSA) to collect and analyse documents, emails, photos and other material from U.S. Cloud and ICT providers, as part of the U.S.’s anti terrorism measures.

The existence of PRISM surfaced when now unemployable former CIA contractor Edward Snowden leaked its workings to expose the mass harvesting of information from major U.S.-based Information and Communication Technology providers, resulting in deep consternation from privacy advocates and with countries outside of the U.S.

The use of PRISM has also placed a  question mark against assurances of privacy and confidentiality on all contracts signed by non-U.S. entities with U.S. Cloud and ICT providers. Is your business likely to be of interest to others?

The covert visibility into our individual and  organisation’s digital footprint by U.S. (and possible other) government agencies, has those concerned over privacy, industrial espionage and intellectual property theft seeking definitive answers to the now-obvious question: Cloud vs. Regulators – Who wins?  Time will tell how our globally dominant digital landlords such as Google, Microsoft, Facebook, Apple, Amazon and others will respond to the increasing concerns of security, confidentiality and privacy in the presence of an overarching eavesdropping environment created by the NSA.

Securing your trade secrets and intellectual property.

At the end of the day, if your organisation has mission critical data and information in the possession of a third party service provider – Cloud or otherwise – the assumption that your provider will be in full control over their environments may be drawn unto doubt. Who forms the daisy-chain of contractors, IT consulting and other service prover used to support your provider’s systems?

As a business owner or executive concerned about who is able to covertly peer into your IT systems that are hosted by U.S. entities, it is wise to consider whether  the potential exposure of your  intellectual property and trade secrets alters your systemic risk profile. This is something that even your own IT consulting providers may not be in position to assist with, as they themselves may also be under the same scrutiny!

So, if your organisation has mission critical, sensitive data and information hosted with an foreign owned or hosted third party service provider – cloud or otherwise – who is having an affair with your data in the happy marriage between your organisation and your service provider?