Microsoft’s Battle Over Data Sovereignty
Microsoft is in a legal wrangle with the US government which is seeking access to credit card numbers and bank account information stored in Ireland about a Microsoft customer. In light of this, we wanted to take a look at whether cloud technology is starting to break down for users because of cases like this.
Microsoft has done (and continues to do) an admirable job of defending its position and the sovereignty of the data stored by their clients in Ireland. Trust in Cloud Computing should be strengthened by this case, as Microsoft has spent a lot of time and effort in protecting the data it hosts and in doing so is helping establish legal precedent.
This highlights the importance of choosing the right cloud provider, and one that has the right expertise and bandwidth to challenge government requests and protect their client’s data. Unfortunately, the laws and regulations protecting digital information can be complex. They are dependent on different governments and jurisdictions, and data stored in certain countries may or may not be subject to requests by another country’s government (or even the host country’s government).
Data is a valuable commodity and customers now expect companies to have a clear understanding of the security surrounding their data, how their data is being stored and how providers are controlling access to it. This can be achieved through good process, due diligence and sound data classification, all of which should be undertaken regardless of whether an organisation opts for a Cloud Computing model or not. Despite the legal situation and potential complexity around Cloud, you need to follow these principles:
- Be aware of what data you are storing (regardless of where it is stored); classify that data appropriately; be aware of the policies and locations of the cloud provider
- Seek legal advice and evaluate data that you wish to store in the cloud and mitigate appropriately
- It’s an ever-changing landscape so review regularly
In most cases, a decommissioned disk full of customer data being left on a desk, or a USB Stick being left on a train (and many more examples) are far more likely than a government request for your data. Hence, providing you understand your data, in the majority of cases Cloud proves more secure.