Wow, keep whatever paranoia-inducing substance you have been ingesting away from me! Do you really think any surveillance agency has time to steal designs, or maybe more importantly, care what you are doing? I am afraid you think too highly of yourself.
You must be equally naive to think surveillance with other technologies hasn't been happening for centuries. What makes the internet so special or different?
Getting back to the subject of this article, I believe all avenues to reduce the entry threshold for design start-ups should be considered a positive thing, no matter where the company is located. (By the way, most US companies operate globally these days, so your comments are also outdated from that perspective.)
It is obvious that all countries are doing everything that they can to follow the US's "leadership" in ubiquitous mass surveillance. The UK is also one of the worst offenders, and works fist-in-glove with the US. The UK are the glove, and the US inserts its fist (ahem).
I do think the US should be held to higher standards than other countries for several reasons...
1) The operating systems, crypto standards, and chipsets used in most IT systems worldwide are all made in the US, so the US has a special responsibility not to compromise their security.
2) The resources made available to the NSA dwarf anything else in the world and it is totally out of control.
3) The US does mass surveillance but claims to be "the land of the free" etc.; at least China is honest about being a police state. The US are supposed to be the good guys!
As the quote goes "Just because you're paranoid doesn't mean they aren't out to get you". So it is not paranoia if they openly admit to being out to get you (or everyone in this case).
It is simply commercial prudence to not connect machines with confidential commercial information on them to the internet.
Corporate engineering data needs to be processed in-house on an ISOLATED network. That means an air-gap, not some firewall made with a US or Huawei chipset with state-sponsored backdoors.
If the government really needs to look at the data then they are still able to present a court-order and the data will be handed over. In practice of course they would never do this because they would need to publicly give the court a good reason, and stealing corporate IP has nothing to do with their stated aim of preventing terrorism.
Isolated networks simply don't get viruses, malware, spam, phishing emails, or DOS attacks. If you need a PC with internet access that's fine, just don't use that one for doing business-critical design work on, and don't transfer media or files between the two systems without a stringent malware checking process.
Remember, Stuxnet was specifically designed to infiltrate an isolated network, and it got in by exploiting a (human) weakness in the procedures for connecting media like CDs and USB sticks to the isolated network.
Farming out data to 3rd parties who do not also follow the same security practices is as good as giving your designs away.
As a bit of trivia, if you want to blame someone for this whole debacle, then blame Elizabeth the 1st of England (1558 AD – 1603 AD), who was responsible for creating the original "secret service". The NSA and GCHQ are both directly descended from this organisation.
On the positive side, I see a benefit for the start-up or smaller companies as the shared software tools are made available on the cloud at a lesser price. But security must play an important role before the companies start using these kinds of services. Also, why restrict this to verification software only? Why can development software not be shared on the cloud similarly?
Hey now, the Americans aren't the only ones you need to worry about. You think there aren't a plethora of interested eyes in southern Asia as well? Be paranoid, but be paranoid about EVERYONE!
Security for cloud services is huge. I think it can be ironed out though. See, the fact that you're uploading it seems big, but it is only a small additional security issue. Is your current company secure even though they don't claim to be a cloud service? Is your data actually any more protected from theft at a 3rd party verification house that isn't under scrutiny for being "online"? They all have internet connections.
As a European business owner, there is no way that I would allow our commercially sensitive product designs to be uploaded to cloud servers based in a "rogue state" known to have deliberately compromised cryptography standards and with an active and openly stated policy of hacking the private data of all foreigners, including betraying the trust of friendly allied nations like France, Germany and the UK.
It saddens me greatly to say that, yes America, I am looking at you.
Whilst the US continues with its policy of the wholesale hacking of all foreigners' data stored in or passing through the US, foreign businesses will not invest in the US economy and won't trust US Cloud services to be secure.
Whilst terrorism is always touted as the NSA's excuse for its hacking programme, foreign companies would need to be incredibly naive to assume that the US government wouldn't use all the valuable confidential corporate data it steals to give the US economy an unfair competitive advantage. We weren't born yesterday!
Clean up your act and we can do business again. Until then, our private commercial data stays on a secure isolated network.