Foreign Businesses Flee US Cloud Computing, Survey Finds - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud // Software as a Service
09:16 AM
Connect Directly

Foreign Businesses Flee US Cloud Computing, Survey Finds

Concerns about NSA surveillance driving some Canadian and UK companies to take their cloud computing business abroad.

Top 10 Cloud Fiascos
Top 10 Cloud Fiascos
(click image for larger view)

Fully a quarter of businesses are moving data out of the US as a result of revelations about the scope of data gathering by the US National Security Agency, claims Canada-based cloud hosting provider PEER 1 Hosting.

Some qualifications apply: The survey behind the company's assertion doesn't cover 25% of all businesses. It describes findings from a 10-minute survey of 300 small companies -- 250 employees or less -- based in the UK and Canada.

When the sample is confined to just Canadian companies, 33% say they plan to move data out of US datacenters. Evidence of that exodus isn't extensive: PEER 1 was able to point to one client, iDigital, that has been dealing with data flight.

Matt McKinney, managing director of iDigital, an 85-person cloud hosting provider based in British Columbia, Canada, said in a phone interview that privacy is particularly important to Canadians, noting that the country has been aggressive in dealing with online privacy through its regulatory agencies.

McKinney said customers began asking where iDigital's servers were housed two or three years ago, when concern about the implications of the US Patriot Act became more widespread. The NSA revelations last year, he said, "were the straw that broke the camel's back. Eight out of 10 questions from customers now deal with governance, compliance, and data storage."

During the past 12 months, McKinney said, a substantial number of iDigital's 18,000 customers have been moving data that had been housed in Dallas, Texas, to north of the border, despite the costs being slightly higher. He estimated that the company is handling 10 to 15 migrations a week and claimed that other hosting companies like HostGator and Rackspace have seen customers move north.

Acknowledging that data may be sought by authorities in Canada, as it is in the US, McKinney suggested that Canadian companies, because of the cultural importance of privacy in the country, would be more likely, and better able, to resist overly expansive demands for information than companies in the US.

"Companies like Microsoft and Google just don't have the option to say, 'No, I won't give it to you,' because of the Patriot Act," he said.

(Image Credit: Bruce Clay, Inc.)
(Image Credit: Bruce Clay, Inc.)

(In fact, US companies do have the option to resist, but may be forbidden under the Patriot Act from disclosing demands for information or legal filings in opposition of said demands. The extent to which the US judical branch sees a legal basis for opposing demands for access made under the mantle of national security is another matter.)

PEER 1's survey finds that despite rising mistrust, the US continues to be the most popular place for companies to host data (51%) outside of their home countries. That suggests the perception that data insecurity is at least as bad outside the US. A Der Spiegel report says that the NSA has a lengthy catalog of exploits with which to compromise commercial IT gear, so it appears that the only secure computing device is an abacus muffled in a black bag. Presumably, every national intelligence agency with even a modicum of ambition aspires to total information awareness.

There's little doubt that the ongoing reports about the NSA's reach and methods, based on documents leaked by former NSA contractor Edward Snowden, have provoked anger, frustration, and calls for reform among companies, legal experts, security professionals, and lawmakers around the globe.

In fact, PEER 1's survey aligns with warnings from other groups with perhaps less of a vested interest in such findings. The Information Technology and Innovation Foundation (ITIF), a technology think tank, projected last August that US cloud computing providers would eventually lose 20% of the foreign market to competitors. In dollar terms, it projected losses as high as $35 billion by 2016.

The ITIF based its projection on a July 2013 Cloud Security Alliance survey. It relied on 456 responses to an online survey, 234 from the US and 222 from other countries.

Daniel Castro, an analyst at the ITIF, said in an email that PEER 1's findings are on the high end of what he'd expect. He said his organization's previous estimate assumed no more than a 5% drop in foreign companies buying cloud computing services in the first year.

While noting that that value of cloud contracts with small businesses isn't easily compared to what medium and large companies buy, he said that PEER 1's findings support the ITIF estimate and indicate that policymakers should be paying attention to the issue.

But Castro said the US government has failed to respond adequately to the economic impact of its intelligence operations. "US companies are at an unfortunate disadvantage and the intelligence community has done little to remedy this situation," he said. "The policies that led to this situation have not changed and are currently in direct conflict with the economic strategy of the nation which is to promote a level playing field for US companies abroad."

Thomas Claburn is editor-at-large for InformationWeek. He has been writing about business and technology since 1996 for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television. He's the author of a science fiction novel, Reflecting Fires, and his mobile game Blocfall Free is available for iOSAndroid, and Kindle Fire.

Can the trendy tech strategy of DevOps really bring peace between developers and IT operations -- and deliver faster, more reliable app creation and delivery? Also in the DevOps Challenge issue of InformationWeek: Execs charting digital business strategies can't afford to take Internet connectivity for granted.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
1/15/2014 | 11:59:27 AM
Fear, Uncertainty and Doubt: Still a marketing tactic?
While I absolutely understand the hestitation of companies to leverage US based cloud services due to the fear around the NSA leaks, the reality is that sadly a lot of the more established cloud providers are US companies.  That being said, this means it is a great opportunity for startups in the UK and Canada to start to build competitive services to meet the needs of the market.  The only downside is that funding for these startups is very scarce, especially in Canada. So we are just not seeing the innovation and startup pool that we would like.

As for the figures themselves, its always going to be need to be taken with a grain of salt.  These are projected "poor us, this is how much we are hurting" but the reality is that the market itself might have slowed down.  If indeed these services are being avoided, the subscriptions must be going somewhere else.  I'd be curious to see if there is a revenue shift geographically for cloud providers as a result. That will be the true test.
User Rank: Strategist
1/13/2014 | 8:19:49 PM
While Patriots strut, Canada gets stronger
Other countries, particularly Germany, UK and France, have laws on the books like the Patriot Act  but they are not so foolish as to trumpet them as the work of patriots. They are special provisions buried in existing laws or given much more non-descript names. In the Netherlands, for example, the government's power to snoop is in Artical 2: 2(b) of the Personal Data Protection Act. America, home of the golden arches, doesn't hide its sins of excess behind a veil. See, "Is Cloud Computing A Global Market Yet? Nyet."  On the other hand, Canada continues to develop stronger and stronger indigenous cloud service suppliers, like CentriLogic in Toronto. See
User Rank: Author
1/10/2014 | 3:52:31 PM
Figures Hard To Believe
These figures sound overblown. And even if they're indicative, one has to wonder whether pulling out of the US is a realistic answer -- and for that matter, whether there are really any safe data havens in the world.  The laws on data sovereignty from country to country are a mess, and likely to remain in flux, as Daniel Castro, quoted in this article, discovered in preparing a report he and the ITIF released recently. The report called for a "Geneva Convention" to address the complex maze of data laws that affect growth of cloud computing and global trade.   (You can read more at Tangled Data Protection Laws Threaten Cloud, Critics Say).
User Rank: Author
1/10/2014 | 12:47:53 PM
More To Learn
The author does a good job of showing the weaknesses of this research, so I wouldn't jump to too many conclusions based on it. What's I'd like to see is a comprehensive, truly international study on this subject.
User Rank: Strategist
1/10/2014 | 11:00:19 AM
Re: Is anywhere safe?
This is precisely why I don't use my Facebook account or even have a Twitter account. If my correspondence contains anything that needs to be secure, I use snail mail. I will NEVER use cloud computing for any reason. If there comes a time when that is all that is available, I guess I'll just retire my internet connection and go dark. Security promises mean nothing in this time of data overload.

Now, we can't even trust our own government. I admit that I am an old man. I still have my original Social Security card that I got when I was in the 8th grade so that I could get work with a work permit. The government (OUR government) printed the following on the bottom of ALL Social Security cards back then: "For Social Security and Tax Purposes Only - Not For Identification". They had promised my parent's generation that no citizen of the United States would ever be given a universal identification number as Germany had done. We all can see how that has worked out.
User Rank: Ninja
1/10/2014 | 10:57:39 AM
Hard Spot
The Patriot Act really puts U.S. technology companies in a tough spot.

And while these companies are saying that the NSA revelations are not affecting their business, I think we all know that they are on some level. 
David F. Carr
David F. Carr,
User Rank: Author
1/10/2014 | 10:14:36 AM
Is anywhere safe?
Is there any good reason to believe the NSA doesn't also have its fingers in data centers outside of the U.S., with or without the operators knowledge? The agency's mission is supposed to be connecting signals intelligence from around the world, is it not?
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll