I try to stay fairly apolitical in this space. That is generally not too difficult because my personal politics tend to be fairly close to “If it’s coming from a professional politician it’s a bad idea and maybe even a dangerously bad idea.”, so I don’t really have a “side” on most political arguments. Today I am inspired to be at least a little bit political by a post from Microsoft CPO (Chief Privacy Officer) Brendon Lynch.
“The cloud” is currently all the rage in IT. There are a number of great benefits to organizations to moving certain workloads to “the cloud”. Email is really the first huge workload to move to “the cloud” because it is hard to do right yourself, and it works very well from “the cloud”. By any measure Microsoft has been hugely successful in moving customers to Office 365 mainly because Exchange makes it fairly easy to move from an on-premises solution into a cloud solution.
So what can stop this huge move to “the cloud”? In my opinion, the most likely thing to kill “the cloud” is going to be governments seeing an easy way to access all of an organizations data and not being able to control themselves. Not only the Unites States government, but China and the UK are currently demanding access to email stored in Office 365. Apparently the UK has now passed a law that says they can demand access to my Office 365 mailbox even though I have never set foot in England and my email has never been hosted anywhere near their island.
As with all things, the initial demands for access to your email are currently being rationalized under the cover of security. “We need access to your email so that we can keep you safe from terrorists”, but of course governments with this access are not going to ignore it when it comes times to chase tax cheats. As it turns out some politicians have even believed “If the President does it, it’s not illegal”.
By all indications, Microsoft “gets it”. Office 365, and any other cloud service, is never going to grow to the scale they would like if their customers don’t believe their data is safe. However good Microsoft might be about protecting your data, no one is going to risk a multi-billion dollar corporation to protect your data from a legal government order.
Some will try to protect themselves via encryption. Trend Micro has a new/upcoming service that is supposed to encrypt your email inside of Office 365. While this sounds like a nifty solution, based on what I have seen Microsoft still has unencrypted copies of your data. Trend’s solution appears to kick in after email lands in your mailbox, which is already too late if you’re hoping to keep Microsoft out of your data.
So what can you do? Well, I don’t have a good answer for you. Probably the best you can do is know that if your data does not exist on disks that you physically control, then other people are going to have access to that data. If you data is on Microsoft’s disks, then Microsoft has access to it. Microsoft may try to protect your data from being access by people you don’t authorize for that access, but governments can put enough finical pressure on any company to get them to hand over your data. If the security of your data is important, don’t let it out of your control.