By Kelley Chittenden
 |
|
Photo Credit: www.perspecsys.com Photo License
|
In an attempt to assuage data
security concerns in the cloud, Microsoft Corporation recently announced the decision to offer European
customers an option to store their cloud data in German data centers under
control of T-Systems, a subsidiary of Germany’s largest telecommunications
company, Deutsche Telekom. In the words of Deutsche Telekom’s CEO, Timotheus Höttges, “Microsoft
is pioneering a new, unique, solution for customers in Germany and Europe. Now,
customers who want local control of their data combined with Microsoft’s cloud
services have a new option, and I anticipate it will be rapidly adopted.”
The
Financial Times reports Microsoft’s lawyers believe they have devised
“bulletproof” legal arrangements in Germany. The company plans to offer cloud
services such as Azure, Microsoft Office 365, and Dynamics CRM Online from two data
centers located in Germany under the third party control of a “trustee model.”
A trustee model restricts Microsoft from accessing customer data without
consent of the customer or the third-party trustee, the T-Systems subsidiary, which
operates under German
data protection law – even if the United States government requests it. If
Microsoft receives permission to access customer data in the German data
centers, its access requires trustee supervision. In theory, the partly
state-owned Deutsche Telekom will assume responsibility for approving data
transfers in a neutral fashion.
Microsoft
CEO Satya Nadella believes German data centers will “offer customers choice
and trust in how their data is handled and where it is stored.” The German data
center plan is a direct response to growing European concern over perceived
inadequacies of U.S. data protection and fear sparked by the 2013 Edward
Snowden revelations that U.S. agencies such as the National Security Agency can
access customer data of non-U.S. citizens that use Microsoft cloud services. Last
month, the European Court of Justice struck down the “Safe Harbor”
agreement between the United States and the European Union as invalid. The pact
permitted participating U.S. companies to transfer European customer data to
U.S. data centers in compliance with EU data protection law.
Microsoft currently has twenty-four
cloud “regions” and is spending £1.3 billion to expand its data center
network in the Europe. Ars Technica points out that the significance of the
announcement to unveil German data centers lies in the act of handing operational control to a local company under local law rather than simply
installing local servers. The approach could potentially avoid situations such
as Microsoft’s current dispute involving U.S. authorities
demanding access to customer data located in Ireland in which U.S. technology
companies struggle to comply with both U.S. law and EU data protection law.
On the other hand, releasing control to third-party,
European companies could also be characterized as an acknowledgement that the
United States cannot adequately protect data on its own. In the Financial Times, Stefan Heumann from the
German think tank, Stiftung Neue Verantwortung, warns that the trend toward
data localization may even lead to the danger of “Balkanizing” the Internet and
notes the irony of purposeful fragmentation in the midst of advances toward
unifying the digital market. In fact, the very nature of the cloud is
non-territorial and location independence
is a core aspect. For example, utilizing data centers across multiple
jurisdictions allows the sharing of resources by customers in different time
zones with peak usage hours occurring at different times and for seamless
transfers in the event of failed infrastructure or natural disasters. In other
words, data localization might ultimately dilute the benefits of the cloud.
0 comments:
Post a Comment