Well, I don't think this news is very surprising at all. But, I think it's important to put some factual information on the table versus just a bunch of hearsay. The article from Datacenter Dynamics does a pretty good job of spelling out the specifics of how the NSA changes cloud buying patterns.
"According to a survey by NTT Communications, which questioned 1,000 ICT decision makers on their approach to the Cloud, revealed nine "major" after-shocks from the NSA scandal."
- 88% of ICT decision-makers are changing their cloud buying behaviour, with 38% amending their procurement conditions for cloud providers
- Only 5% of respondents believe location does not matter when it comes to storing company data
- 31% of ICT decision-makers are moving data to locations where the business knows it will be safe
- 62% of those not currently using cloud feel the revelations have prevented them from moving their ICT into the Cloud
- ICT decision-makers now prefer buying a cloud service which is located in their own region, especially EU respondents 97% and US respondents 92%
- 52% are carrying out greater due diligence on cloud providers than ever before
- 16% are delaying or cancelling contracts with cloud service providers
- 84% feel they need more training on data protection laws
- 82% of all ICT decision-makers globally agree with proposals by Angela Merkel for separating data networks
From the survey results above it clearly looks as if the NSA revelations have shaken the cloud marketplace. In my opinion it's important to note that the NSA has just as much visibility into private networks as they do into cloud networks. Documents have come to light that show arrangements with multiple vendors that supply on site equipment and software. The only way to truly have private data, is to keep it in a location with no access to any network whatsoever. I think the other interesting implication from these results is that there is some sort of safety by moving your data across geo-political boundaries. It seems to me that there is much less scrutiny over cyber spying when the target is outside of the United States. Ultimately, the long term spying policies are decisions that will be made at the voter booth. We can only hope the public is informed of the details.