Can European Telcos Protect Customers From The NSA?

CloudSecurityWorkspace
birger steen parallels lead

European telcos could ease customers’ fear of US-based surveillance, if they can build the right services, says Birger Steen

Data security, privacy and sovereignty are more critical than ever in the cloud market. But do European telcos have the cloud platforms needed to retain and protect customers?

Long before Edward Snowden’s leak made the world aware of the spying programmes of the United States’ National Security Agency (NSA) and Britain’s Government Communications Headquarters (QCHQ), “security” was already one of the biggest inhibitors to the adoption of cloud services – a fact which media and analysts have widely reported. Even before Snowden, security concerns  dwarfed other inhibitors to public cloud adoption, according to a 451 Research survey of global IT executives (as seen in the below chart).

Time to regulate the cloud?

concern about cloud hosting - PrallelsBefore the US and UK spying scandals, Gartner predicted that cloud adoption in Europe would trail the US by upwards of two years because of issues around security and data sovereignty. Now, in light of the current situation, individual European countries and the EU as a whole are looking to take protective steps to further regulate cloud computing around things like territorial sovereignty, international transfer of data, and the location of servers.

So where is all this headed? Issues of data privacy and security will affect how European cloud providers build and market their services.

For example, Deutsche Telekom indicated it was contemplating an inner-German or inner-European Internet in which data would no longer be routed and stored via other continents. Such a service could be welcomed by Germany’s smaller businesses, according to  Parallels SMB Cloud Insights, which found that 49 percent of SMBs in that country are concerned about moving an in-house server to the cloud because of security.

The EU Commission is not a fan of this proposal, believing it would be counter-productive for European businesses. Regardless, Deutsche Telekom has already indicated it will launch a new business service in 2014 dubbed “Clean Pipe” designed to reroute the traffic through its data centres in order to “secure and clear” the traffic before it hits a customer’s network.

Meanwhile, Swisscom announced its “Swiss Cloud,” in which servers are locally hosted in Switzerland and all client data is stored and remains in-country. Swisscom specifically noted in the release that this offering is “unrelated” to recent NSA revelations but is driven more by a desire to cut costs and make systems more dynamic. Nevertheless, Swisscom is clearly targeting Swiss customers, promising the best possible efforts to shield customer data from foreign intelligence services. Swisscom also notes in the future it may support demand from foreign companies seeking a privacy haven, of course drawing parallels to the Swiss banking industry.

Additionally, Tapstorm (Telenor Business Internet Services AS), the global cloud service company in Telenor Group based in Norway) is now offering its customers a choice between Microsoft Office 365, hosted outside the country and an in-country, Microsoft Hosted Exchange service. This is an excellent example of adapting to the market by giving customers flexibility and options based on their business needs and security preferences.

Put your data where you want?

According to Jie Zhang, CEO of Tapstorm, “We did not want concerns over where a customer’s data would be housed to prevent the growth of our cloud-based communication and collaboration services. Cloud services are supposed to give our customers freedom to decide where to store their data. We have our recommendations for different user cases according to our experience, but we follow the decisions of our customers in the end.”

However, the reality is that many telcos face significant operational challenges with their provisioning and billing systems when faced with a decision to launch a new service or offer a secondary service side-by-side. For some operators, rolling out a new service could even take upwards of a year to make sure all the internal systems are aligned, configured properly, and correctly presented to the customer through their online and offline channels.

These challenges get even more complex if some services offered to customers are hosted internally by the telco while others are syndicated and hosted in various data centres around the world. Syndicated services like Microsoft Office 365 are growing in popularity, but locally hosted options may be required due to ongoing security concerns, so telcos will need to have Operational Support Systems (OSS) and Business Support Systems (BSS) that can keep up.

Specifically, cloud-enabled OSS/BSS systems must provision both locally hosted and syndicated services quickly, while managing the underlying technical issues of data privacy and sovereignty. Furthermore, the technical complexity needs to be seamless for the customer, while telcos will likely want to be transparent around the location of customer information to address security and data sovereignty concerns.

Moving into 2014, security, privacy and data sovereignty will remain centre stage in the European cloud theatre, as individual countries, the EU Commission, and European telcos attempt to address customer concerns and market demands. According to Philbert Shih, founder of Structure Research, “We expect to see more European telcos launch in-country cloud services alongside syndicated services. It should become very clear which providers have the internal agility to adapt to the market and which ones are challenged with legacy, pre-cloud systems.”

Birger Steen is CEO of cloud software firm Parallels, whose cloud delivery product, Parallels Automation, is designed to address data sovreignty and security issues. 

Read also :