I'll write more on the Snowden issue later this month, but for now let's me just say that since the NSA was spying on everyone – foes, allies, U.S. citizens, the editorial staff at Cat Fancy magazine (okay, I'm joking with that last one; well, I think I'm joking) – I doubt blacklisting U.S. cloud service providers would do much good. However, it's at least a factor to consider.
Edholm noted that smaller European companies don't worry so much about the NSA issue, but larger enterprises that have regulators constantly breathing down their necks may not be willing to take the risk of adopting cloud services from U.S. providers.
George Do, Director of Global Information Security for Equinix, has set out to solve the Shadow IT problem by becoming an early adopter of a new technology himself.
Equinix was an early tester of startup Skyhigh Network's cloud security services. "I'm not sure we were the very first tester, but we were certainly one of the first," Do said.
Skyhigh Networks' cloud security service automatically discovers which cloud services various departments and employees are using. "We just forward them device logs, and they figure it out for us. It's all automated, and their system automatically generates risk scores," he said.
For instance, if your sales team has adopted salesforce.com, you'll see a pretty low risk score. Various security issues have already been addressed, although you may still need to block certain types of activities, such as downloading contracts onto a mobile device, that are too risky to allow.
After discovery, the Skyhigh Networks platform enforces various security policies, and includes features such as automatic data leak prevention.
What happens, though, when some service eagerly adopted is too insecure to accept?
"This happens less often than you'd think, and the risky services tend to be from Mom-and-Pop shops. In those cases, it's simply a matter of informing people that there's a better tool out there, one suited for enterprise activities," Do said.
In the future, IT's power could actually grow because of this trend. For example, if IT learns that users love a certain tool, but it's insecure, they could have leverage over the vendor. They may even have equal leverage over the competing vendor who provided the IT-preferred tool, especially if IT can show that employees don't like it because of, say, ease of use issues.
IT could become the hammer that pounds vendors into shape. If you're a cloud provider worried about losing a big customer like Equinix, I imagine you'd be pretty motivated to address their concerns, especially with a bright red risk score staring you in the face.
Jeff Vance is a technology journalist based in Santa Monica, Calif. Connect with him on Twitter @JWVance.