Why Insecure Data Is Bad for the U.S. Economy

Deep in the interior of British Columbia, Canada, in ranching country known for its short bursts of intense summer weather and dry, temperate winters, the makings of a quiet rebellion are taking root. It’s not the kind of thing that tech companies are prone to talk about here, except when it comes to lauding the growing success of Canada’s data services industry. Building a Canada-strong network in a market once ruled by U.S. expertise can be a political hot potato.

But check the register of IT companies for British Columbia’s popular recreational tourism corridor and the trend becomes clear. Kamloops, once dubbed the “Tournament Capital of Canada,” has a new marketplace taking shape, one that has less to do with hockey and yearly rodeos, and more to do with safeguarding proprietary rights.

Canada’s data security conundrum

Kamloops’ data services industry was already in the making when whistleblower Edward Snowden made his landmark announcement last year that the National Security Agency was accessing customer data. The revelations haven’t hurt Canadian companies like Telus, Rogers and Canada Bell, who have been working steadily to woo data customers.

But it has hurt relations between American telecommunications companies and international clients who anticipated that their data would remain a private matter under U.S. law.

Big Data, big sales

Data management represents a huge portion of the global IT market. In 2013, cloud computing represented $130.7 billion, says the research portal Statista.  And the stats suggest the industry is poised to grow: Projections suggest that number will grow to $154.69 billion by the end of 2014, and another $26.61 billion in 2015.

But in the U.S., where more than half of companies used cloud-based services in 2013, the projections aren’t as optimistic. By December 2013, experts were already anticipating significant losses for large data companies like Hewlett-Packard, Oracle and IBM. According to research published by the Information Technology and Innovation Foundation,  losses to U.S. cloud-computing services will start slow, with an estimated drop in services from U.S. and non-U.S. sources of $3.8 billion. That loss will grow in the next two years, however, and is estimated to be as much as $35 billion by the end of 2016 (see page 6).

Forrester Research places the loss much higher, at as much as $180 billion, as evidenced by Microsoft’s recent loss of business with Brazil, which cancelled contracts after it learned of the NSA spying program. Since that time, Brazil and the European Union have announced a partnership to build new undersea cables between the two continents in lieu of using infrastructure provided by the United States.

The gold standard

U.S. leadership in data services isn’t just defined by investment, says Elliot Goldberg, director of professional services for the telecommunications, cloud-broker and professional services company Osstelco. It’s also defined by reputation.

“It used to be the USA data services were among the gold standard. Now foreign companies don’t trust it that much,” said Goldberg in a recent interview. “Data centers have to be secure. That is the whole point to them. If they are not secure, why move the data off of the company’s premises?”

Goldberg said many companies may encrypt their data when it’s being sent or received, but the real measure of security is its status “at rest.” That is, is it being encrypted while it is being stored?

“Some people want it, some don’t. Some companies are still thinking that it’s okay [if the data is] not encrypted once it is in the data center because if it is encrypted, it takes more time to do the processing. My recommendation to people has always been buy a bigger processor and leave it encrypted,” said Goldberg.

That’s because it isn’t just whether the data may be vulnerable to government security procedures, but also to hackers.

Last year when hackers broke into Target Stores’ data, it put 40 million shoppers at risk for stolen data. The cost for financial institutions that were forced to replace debit and credit cards topped $200 million, but the entire bill for the incident, analysts concluded, was an easy $100 billion.  Again, that’s a cost that doesn’t just hit the bottom line of merchants and financial institutions, but also the confidence and fidelity of consumers who may or may not do business with that company again.

“It takes very little time to destroy [trust],” said Goldberg, “but a long time to rebuild it."

 Moving overseas doesn't assure data security

And data companies that elect to move their storage facilities abroad may be overly optimistic, said Goldberg, who noted that U.S. companies aren’t the only ones that get hacked. He said for his own peace of mind, he would probably trust a U.S. data center before he would move his data overseas.

“But I would encrypt everything with the best encryption policy I could put in my system.” In the long run, he felt a hybrid system that utilized in-house storage as well as the cloud offered the most security. “Depending on the corporate policy, you have to take a hard look at what you put out there, given the risk involved. Data is the life blood of a company,” said Goldberg.

Still, those who expect that U.S. companies that store their data overseas will be safe from prying eyes may be surprised. In July, a New York magistrate judge ruled that Microsoft was still responsible for turning over customer data stored at its facility in Ireland. Data services companies have spoken out in the fray, noting that such a ruling could mean that U.S. data companies like IBM, which has been building a data center in Europe, would still be subject to data review policies of the U.S. government. Although the judge agreed to stay her order while Microsoft files its appeal, such a finding could further erode global confidence in U.S. data companies.

Meanwhile, Canadian companies in western British Columbia’s temperate ranching country, where operational costs of cooling a data center can be markedly less than in climate change capitals like San Diego, Denver or Houston, business is heating up. Telus, which opened its new LEED facility in March, has benefited from years of careful planning, taking into consideration the many benefits of British Columbia’s interior arid climate. The result is a projected $190,000 of annual savings in electricity and the bonus of being able to compete for local Canadian business.

Three other companies own centers in Kamloops as well. While the Tournament Capital of Canada still benefits from American tourism and a healthy rodeo circuit, data companies like Telus, Q9, Perigee and Bell Canada,  which are expected to adhere to Canada’s stringent privacy laws, have observed a valuable lesson: Consumer faith is everything when it comes to data security and a sound economic forecast.

Image credit: Facebook server - Intel Free Press