Has the Snowden saga effected IT decision makers?
With hackers demonstrating increasingly sophisticated ways of intercepting sensitive information, cyber security remains one of the biggest concerns facing IT professionals in 2014.
Businesses cannot afford to take chances when it comes to protecting data, as fines for non-compliance are huge and it can also be difficult to recover from the reputational damage that a high-profile security breach can bring. More companies are outsourcing their IT services to third-party cloud computing providers, which makes the situation even more precarious.
A recent study conducted by Vanson Bourne on behalf of NTT Communications showed that the saga surrounding Edward Snowden - a former contractor to the US National Security Agency (NSA) - has had a dramatic impact on the decisions made by IT specialists across the globe. Mr Snowden alleged that US government officials are involved in widespread clandestine cyber-surveillance activity and this has heightened concerns that companies' private data is at risk.
What exactly are IT decision makers doing differently?
Vanson Bourne conducted a survey that included 1,000 senior IT professionals from the US, UK, Hong Kong, France and Germany. The most interesting finding from the study was that as many as nine in ten decision makers have changed their cloud buying behaviour as a direct result of Mr Snowden's revelations.
Len Padilla, Vice President of Product Strategy at NTT Communications in Europe, said: "Our findings show that the NSA allegations have hardened IT decision makers' attitudes towards cloud computing, whether it is modifying procurement policies, scrutinising potential suppliers or taking a heightened interest in where their data is stored."
According to the study, businesses are now more conscious about the location of their stored corporate data. Only five per cent of respondents said that it does not matter where information is physically kept. Around 31 per cent of IT managers have moved their data since the NSA scandal came to light.
The saga has also made businesses more wary about storing data in foreign countries. 97 per cent of firms in the EU said they wanted to keep their data in their homeland, while 92 per cent of US-based organisations said likewise. More than half of the respondents (52 per cent) added that they now conduct more stringent checks on their cloud providers to ensure they are trustworthy and around 84 per cent of businesses believe they need more training on data protection laws.
Many companies are yet to make the transition from legacy equipment to cloud computing and the Snowden accusations have made a lot of IT professionals think twice about making the change. 62 per cent of firms that are still using dated computer systems confirmed the news has prevented them from migrating to the cloud, while one in six organisations revealed they had delayed or cancelled contracts since the Snowden story came to light.
Mr Padilla thinks this reluctance to progress could hinder businesses. He added: "Despite the scandal and global security threat, business executives need to remember that cloud platforms do help firms become more agile, and do help foster technology innovation, even in the most risk-averse organisations.
"IT decision makers are working hard to find ways to retain those benefits and protect the organisation against being compromised in any way. There is optimism that the industry can solve these issues through restricting data movement and encryption of data."
Angela Merkel speaks out
German Chancellor Angela Merkel has been highly critical of the NSA's supposed digital surveillance tactics and has proposed the separation of data networks. According to the NTT Communications study, 82 per cent of all IT decision makers support her stance on the issue.
The US government was meant to be providing assurances to Germany about its alleged spying tactics, but a close ally of Ms Merkel has confirmed that she is not happy with the response. Speaking to German weekly magazine Der Spiegel, Thomas de Maiziere, one of the Chancellor's closest cabinet allies, said: "The information we have so far is insufficient.
"US intelligence methods may be justified to a large extent by security needs, but the tactics are excessive and over-the-top."
Leading German government officials are expected to meet with their US counterparts in early May 2014 and IT professionals in both countries will be keeping a close eye on developments.
Is cyber crime a big problem in Germany?
Germany has a thriving technology sector and also has one of the strongest economies in the world, which makes it a prime target for spying activity and cybercrime. There have been some high-profile security breaches in the past few months, the most recent of which saw 18 million email addresses and passwords stolen. Information protection authorities in the north-western city of Verden confirmed that hackers had been using the emails fraudulently and this breach came just three months after the security of 16 million other accounts was compromised.
These cases have heightened concerns about data security and have piled even more pressure on IT professionals in the public and private sectors.
Dealing with insider threats
Clearly IT decision makers face a difficult challenge to keep all of their data and systems as secure as possible. If the constant threat of expert hackers and spying governments was not enough for IT departments to deal with, it seems many firms are very concerned about insider threats too.
A recent study undertaken by Ovum on behalf of data and cloud security specialist Vormetric showed that only nine per cent of IT specialists in the UK, France and Germany feel safe from internal attacks on their systems. Around 47 per cent of the 500 respondents said it is now much harder to detect insider threats than it was in 2012 and many firms are wary about giving employees and even senior managers access to sensitive corporate data.
Alan Kessler, Chief Executive Officer for Vormetric, commented: "Despite the growing frequency of insider threat-related incidents in the news, the report shows that organisations are still at the early stages of managing this data loss vector.
"Results show a growing awareness of insider threats, but the rapid growth of sensitive information within organisations, and the use of new technologies such as Cloud and Big Data, makes the prospect of securing data with a growing number of point solutions expensive, operationally complex and an impediment for rolling out new services."
Mr Kessler added that companies must take a "data-centric approach" to cyber security, whereby they introduce encryption and access controls to ensure only the most trustworthy employees can access data.
Conclusion: Can businesses cope with growing cyber threats?
It is clear from the NTT Communications study that the Edward Snowden allegations of government spying have heightened fears about cyber security on an international scale. Many IT decision makers were already sceptical about the security of cloud computing services and these revelations have done nothing to quell these concerns. The recent high-profile data breaches in Germany show that businesses and public sector bodies in this country must continue to improve their defences.
Protecting data against external and internal threats can be costly and firms will need to reassess how much of their budget is allocated to data security. It is important to remember that although the initial expense can be high, it will be worth it in the long-term, as companies that suffer a security breach are often given massive financial penalties and the negative publicity can have a devastating impact on their business.
Even companies that have spent vast sums of money on improving their defences can find it difficult to stay one step ahead of hackers, who are coming up with increasingly clever ways of intercepting data, so it is vital that IT professionals stay up to date on data breaches elsewhere and then take measures to ensure the tactics used in these cases cannot be deployed on their own business.