Cloud Encryption Frustrates Government Surveillance

One NSA PowerPoint slide, published in a recent article based on materials released by whistleblower Edward Snowden, caught Jeremy Lindhoff’s eye. “The diagram shows the NSA intercepting data between our datacenters, without approaching us with a court order to discover our customers’ information.”

His operations team at a large US cloud provider was tasked with identifying ways to protect its customers’ data from what the team saw as rogue surveillance. The team settled on cloud encryption, that is, encrypting data as it travels between the company’s datacenters, to address the surveillance problem.

Inside the firewall, data is protected by encryption and data loss prevention policies. With more corporate data moving to the cloud, the network edge is also moving from the firewall into the cloud. Companies need more than a firewall; they need a virtual “cloud edge” to protect data wherever it goes.

The cloud encryption schemes not only protect data as it transits between datacenters; they also encrypt data stored in server farms. That way, if an attacker were to breach the network defenses and gain access to the information, it would be inaccessible and unreadable without the encryption keys needed to decrypt it. In a sense, encryption is an additional layer of protection, a final defense against security breaches or third-party surveillance of data as it moves around the Internet.

Their solution does not distinguish between an attacker and any unauthorized third party. “We liked the solution because it doesn’t matter if the intruder is a government agency without permission to view the data, or a cyber criminal, the data is always protected no matter if it’s stored or being moved between datacenters or between a datacenter and the customer,” said Lindhoff.

“Ultimately, every cloud provider will need to embrace a level of security that meets the needs of their customers in order to address customer fears,” says Luke Abbott, an information security analyst and advisor to corporate clients investing in technology. According to Abbott, cloud encryption is the ideal defense because it prevents surveillance and security breaches while maintaining the end-user experience.