Microsoft on Wednesday said it would offer its Azure, Office 365 and Dynamics CRM cloud services to business clients using two Germany-based data centers hosted by a subsidiary of Deutsche Telekom.
The arrangement will protect the integrity and privacy of customer data, the company said.
The data centers, located in Magdeburg and Franfkurt am Main, will be under the control of T-Systems, a unit of Deutsche Telekom, which will act as data trustee and have control over all access to the data, Microsoft said.
Under the agreement, Microsoft will not be able to access the data without permission of the trustee, and if such permission should be granted, Microsoft would be able to access data only under supervision of the trustee.
“The data trustee controls access approval to customer data by anyone other than the customer and their end users,” a Microsoft spokesperson said in comments provided to the E-Commerce Times by company rep Jennifer Reynolds. “This means that operations or other tasks that require access to customer data or the infrastructure in which customer data resides will be performed or supervised by the data trustee, or in certain instances directly by the customer. Microsoft and its subcontractors will not have access to customer data without prior approval by the customer or the data trustee.”
The program is scheduled to begin in the second half of 2016, in compliance with a strict set of security standards including multifactor authentication with biometric scanning and smart cards, data encryption by SSL/TLS protocols based on German certificates, physical security controls, and protection against power outages and natural disasters.
The announcement came just a day after Microsoft announced plans to expand its cloud services with new data centers in the UK, as well as the completion of expanded data centers in Ireland and the Netherlands.
However, the data trustee model is specific to the Microsoft cloud in Germany, Microsoft said.
Safe Harbor Fallout
The European Court of Justice last month ruled that a 15-year-old Safe Harbor treaty with the U.S. was invalid in terms of protecting the rights of European citizens. The decision responded to an Austrian citizen’s complaint that his privacy was endangered, based on exposure of Facebook data that he argued could be used illegally without his permission.
“This looks like Microsoft making sure it can continue to do cloud business in the EU regardless of any uncertainty created by the recent Schrems Safe Harbor decision,” said Sherwin Siy, vice president of legal affairs at Public Knowledge.
“By making sure that the data doesn’t have to leave the EU, Microsoft reduces the possible liability for sending Europeans’ personal data to the U.S. or elsewhere,” he told the E-Commerce Times.
The German data center plans were in the works long before the Safe Harbor ruling was handed down, however, and it was not a factor in the company’s decision to enter the data trustee agreement, according to Microsoft.
Growing Cloud Services Business
The move is critical to Microsoft’s growing cloud services business, as it has spent more than US$15 billion to expand that part of its business globally. The Azure cloud services platform currently is available in more than 140 countries, according to the company, with 24 Azure regions around the world — more than any other competitor offering cloud services can claim.
Microsoft’s Intelligent Cloud business grew 8 percent to $5.9 billion in the fiscal first-quarter, the company reported.
Rivals like Amazon and Google have been building out their data center infrastructures in the EU, and Amazon has reserved at least a portion of it for its Amazon Web Services cloud platform, according to Colin Sebastian, an analyst at Robert W. Baird & Co.
“Beyond Safe Harbor rulings, what we hear from some Europe-based companies is they don’t trust their data being located in the U.S. and other regions, and demand that servers are located in Europe, subject to the laws of the EU,” Sebastian told the E. Commerce Times.
Part of Microsoft’s calculus may have gone beyond the Safe Harbor issue, according to Ian Trump, security lead at Logic Now.
Microsoft earlier this year was involved in a controversial legal case in which the U.S. Department of Justice argued that it had the right to demand emails of anyone in the world using an email provider that resides in the U.S., he pointed out.
That case, heard by the Second Circuit Court of Appeals, involved the DoJ issuing a search warrant to compel the handover of hotmail accounts located on a server in Ireland.
“More importantly, this move placates a personal perception that national borders will somehow protect personal and private data in the cloud,” Trump told the E-Commerce Times.
One of the main treaties that this would apply to would be the Mutual Legal Assistance Treaty, he noted. “The U.S. government would submit the warrant to the court of the nation in question and supply the necessary burden of proof and the data could then be obtained.”