Originally Posted by Neild
Just curious why this part surprised you. I would think that is pretty much to be expected.
It surprised me because there is a good chunk of the market that doesn't want to host in the US, or perhaps cannot if they're the federal or a provincial government due to the Patriot Act. That is, when interacting with different customers or doing work for a provincial government I learned that this market exists (for a "Canadian Cloud"). Usually in efficient markets (as I'd certainly describe "web/internet hosting" as an efficient market) needs are met rather quickly.
Now, there are hosts like Cirrus Tech I found that would more than meet the needs for the specific cases I found - but they're not like Microsoft or Amazon when it comes to "cloud". But, if you can deploy specialized VMs running the software you need, what's the difference really?
If I was hosting a solution with a given cloud provider, would I care if my provider had 1,000 servers or 100,000 servers, provided they meet their SLA?
Anyway, my point is that these companies do exist, they're just small potatoes compared to the US hosting companies - and sometimes you need a "hosted in Canada by a non-US company" stamp if you want to get certain contracts.
Originally Posted by Wayne
But still, if you are a company that has highly confidential documents do you trust them with MS as opposed to your own servers? And do you trust the US govt, which has no issue with monitoring friendly heads of state like Angela Merkel, to not troll through your data?
How do you know that the Canadian agencies (CSIS, CSEC) aren't just as bad or worse? I haven't seen any promises from the Canadian government that they don't engage in such activities, and I've seen news reports in the past couple months that suggest that they do the very same things that the NSA does, sometimes at the request of the NSA.
At a high level what I tell companies is:
- By far, the most likely way that your data will leak is through your employees.
- It doesn't matter where your data is hosted if you're using insecure services like Email. SMTP is not encrypted, so sending an email is like sending a post card. Yet lots of people still transmit passwords this way.
- The reason the USA (and many other governments, I'm sure) can have cost-effective mass data collection schemes is because many of the Internet standards default to insecure settings.
Most websites are HTTP by default, not HTTPS. If all internet traffic was encrypted by default, it would be monumentally more expensive for the NSA to do what it does. They (NSA et al.) would have to resort to targeted attacks to get specific nuggets of data. In my opinion HTTP / port 80 should be stripped from the standard.
Unfortunately this is beyond control of individuals and even big companies. They may "feel good" by selecting a host which is within Canadian borders thinking that it affords some level of protection. In reality, it probably doesn't.