What the NSA Revelations Mean for Business Continuity

Although the dust hasn’t yet settled on the Edward Snowden revelations about the activities of the US National Security Agency, the consequences already extend beyond the purely technical. While the immediate reaction was to think of better ways in which to encrypt data, it also dawned on foreign organisations that they might want to review certain business relationships. The idea that the NSA could have direct backdoors into many US companies dampened the enthusiasm of certain international entities to continue trading with them. But will American enterprises alone have to increase their efforts to maintain business continuity, or are companies in other countries affected too?

America has been the most visible country in the press coverage about the existence of widespread snooping campaigns. But it also operates surveillance programs in tandem with a number of other countries – Australia, Canada, New Zealand and the UK – in a group known as the Five Eyes. In theory, the reticence by foreign entities to do business with companies in the US could spread to a move to reduce business activity in general with its other surveillance partners. Where else could foreign customers go? The BRIC countries are one choice, with China and Brazil in particular rising in economic and technological power.

Meanwhile, cloud providers have been advertising encryption services of different kinds to try to reassure companies fearing for their privacy and business continuity. Yet encryption, for example to the 256-bit AES specification, will only keep data safe from those who don’t hold the encryption keys. If a cloud operator does the encryption, the confidentiality of the encrypted data may already be compromised. Some online storage companies are offering solutions in which encryption is done before the data reaches the cloud, and the customer is the only one to hold the key. Of course, if the customer loses the key, the encrypted data becomes useless. It looks like, thanks to the NSA, everyone will need to put on their business continuity thinking caps for a while.