Has PRISM Changed Perceptions of Cloud Security on Wall Street?

While government snooping and data collection on citizens was already known—or at least suspected—by some, I was taken aback by the scope and magnitude of oversight revealed by Snowden.

Wired magazine’s James Banford recently wrote an excellent piece on the clandestine US cyber army led by general Keith Alexander, which oversaw the launch of Stuxnet, “a piece of malware designed to destroy physical equipment,” and Endgame Systems’ Bonesaw, “a unique map showing [agencies like Cyber Command, the NSA, the CIA, and British intelligence] exactly where their [human] targets are located.”

(For more reading, Banford has been all over data surveillance for a while now.)

The July issue of Waters magazine features a profile of John Shea, CIO at Eaton Vance, a $260 billion asset manager. In it, Shea says he’d like to see the financial industry do more work with big data-related initiatives, but do less with the cloud.

I think Shea’s opinions carry more weight than others in his position because he spent 10 years on active duty in the Navy, and 20 more as a reservist. At one point, he was number three in command on the USS Groton submarine during Operation Desert Storm. He has both a military and security mind, with a technologist’s education.

From the profile:

He’d like to see the financial industry do more work around big data, and less around cloud. Big data isn’t understood nearly enough, he says, especially the “data scientist layer” in which the data is filtered, normalized, and analyzed with mathematical models. In six or seven years, he thinks big data could change the fundamentals of how business is done—for example, by isolating productivity to a degree that employees will be paid for creating a certain number of “value units,” whether that takes them four hours or 11.

Cloud adoption, on the other hand, is moving too fast. The issues around protecting customer data have not been solved nearly to his satisfaction.

“Anything we’re doing on the internet now is more vulnerable than it was five years ago because of advanced persistent threats,” he says.  “You have nations—China, Russia—where they have labs that look at the vulnerabilities in our operating systems before the patches can happen. When I started here, I pretty much had three main lines of defense. I had a firewall, I had antivirus on the desktop, and I had intrusion detection. I have 14 methods of defense now. You want to be real careful where you put your data now. On the other hand, I trust State Street. I trust Bank of New York. I trust Bloomberg. I trust FactSet. For all intents and purposes, that’s Eaton Vance’s core assets and data in the cloud. Amazon? Rackspace? Maybe not. It’s a constant management exercise.”

Trust may be waning on Wall Street, however. In the aftermath of the PRISM revelations, companies like Apple, Google and Microsoft have taken their lumps in the press as questions have arisen about how much customer information they were forking over to the government. And then, of course, there was the May scandal that rocked Bloomberg when it was revealed that the data giant was monitoring client communications and usage data.

As of a year ago, it seemed to me that there was a real tipping point on the buy side and that most every firm was comfortable with cloud-based technologies. At our conferences, nearly everyone had some sort of cloud deployment under way at their firms.

But perhaps recent events might stall those gains. It will be interesting to see if, as Shea notes, the industry takes a step—even if a tiny one—in that direction, in light of these security-related stories. (Note: Shea's interview took place before the PRISM revalations.)

What do you think? Give me a call at +1 646-490-3973, or send me an email at anthony.malakian@gmail.com.