PRISM fallout: Can a private cloud appliance protect businesses from prying eyes?

As the internet surveillance scandal continues to unfold, some smell an opportunity. One such player is Protonet, which is set to launch its private cloud appliance on Thursday. Hailing from Germany, the home of data protection, the company is pitching the device as a way for small-to-medium-sized enterprises to enjoy the benefits of the cloud without using suppliers that might have to let the NSA poke around if the agency demands it.
What’s more, Protonet has also just scooped up $1.2 million in funding from local backers Tarek Mueller, Stefan Kolle and Stephan Rebbe, as well as the Hamburg Innovation Fund, in order to push into the European and U.S. markets. Prior to that, it picked up €200,000 ($260,000) on Seedmatch.
The Protonet appliance is basically a good old Linux NAS box, housed in an arguably attractive orange casing with a single button on it, and with homegrown replacements for Dropbox (file-sharing), Skype/Yammer (collaboration) and Basecamp (task management) preinstalled. As Protonet “chief satisfaction engineer” Philipp Baumgaertel told me, it’s a plug-and-play affair aimed very much at small businesses that lack IT savvy, but that also don’t trust the cloud very much:

“With PRISM and Tempora going on, demand is pretty much rising. Most stuff is moving into the public cloud and the cloud itself is not a bad thing, but lots of companies feel uncomfortable about putting their data into the cloud.”

Prices range from €2,749 to €4,099 ($3,574-$5,330) before tax, depending on the chosen configuration (it takes up to 16TB of RAID5 storage and can pack a quad-core 2.5GHz Xeon processor). It’s not the cheapest small-business server out there, but it can pack a punch and, as Baumgaertel noted, the real value is in the zero-configuration Protonet SOUL OS software package, which just happens to come with hardware as an extra selling point.
“It doesn’t feel any different than working with the cloud, but it doesn’t [interact with] a server in the U.S. or somewhere,” he said.
So, will it protect small businesses from prying eyes? That’s a tricky one to answer while we still don’t know precisely what the PRISM, Tempora and Boundless Informant programs entail. What we can say for sure is that it’s a safer option than going with a U.S. cloud provider that will have to do what the U.S. security services tell it to do.
However, that’s not to say what Protonet is offering is entirely safe. According to Edward Snowden, the British Tempora program involves sucking data straight off the cables that form the backbone of the internet. If that’s true, then the intelligence services don’t need to be dealing with a pliable cloud provider to get what they want, and for European users there’s not a huge difference between an appliance such as this and simply using a European cloud provider.
From Protonet’s side, the company uses SSL encryption for communications – the system does need to service mobile devices after all – and claims it’s as safe as online banking. Baumgaertel conceded that, since we don’t know the full capabilities of the NSA, GCHQ and their partners, it’s hard to promise anything more than that. (Of course, the metadata associated with mobility can introduce unwanted transparency all on its own.)
In other words, the private cloud appliance may be a good option for businesses that fear the worst but haven’t entirely given up hope that privacy may still be an option.