Battle of the Clouds: Azure goes lower Windows Azure pricing is dropping by up to 28 per cent as Microsoft goes head to head againstAmazon's cloud storage. As announced in the Windows Azure blog by Steven Martin, general manager for Windows Azure business planning, there is a "price reduction for Windows Azure Storage by as much as 28 per cent, effective on …
After transerring several of my asp.net websites into the azure cloud this week i would like to advise anyone outside the US to steer clear... the apps you need to send simple emails (sendgrid) from your website - such as order receipts and contact forms are only available to those in the USA... The only other option is to hack together your own smtp relay... completely unprofessional. The amazon cloud offers email relays, my web host that i've been with for 10 years has an smtp email relay!!!!
Anyone in the EU should avoid any US based (or even only doing business with the USA) cloud provider. According to an analysis of the patriot act, the USA government has decided they can access your data even if the cloud provider isn't American, just as long as it has business there...
So Microsoft, Amazon and Google are out, it doesn't matter how much they lower their prices.
And your data would be of interest? I doubt it. Even your obvious anti-Yank sentiment would be of little more than comedy value.
No, my formal and clearly detailed legal obligation as a company to take care of my client's data is of interest. This is why I do not want a government harming the sovereignty of the country I live in, because if these idiots leak the data they steal it will not be them who has to face the consequences, it will be my business and my clients - who did nothing wrong but could get harmed regardless. They had to invent the term "collateral damage" for a reason..
I'm not anti this-or-the-other, I'm against having to put in some extra effort to keep stupid from causing harm.
".....my formal and clearly detailed legal obligation as a company to take care of my client's data is of interest...." Right, then name one country where they can't just slap a search warrant on you and go through all your data, your customers' data, and your knickers if so desired, and if it's of "interest" to the Yanks then it will be shared. The idea that your data is any safer in the UK or anywhere else in Europe or Australasia is just silly. If anything, there would seem to be more controls in the US than places like the UK, where we can even charge you if you refuse to decrypt any data we decide we want to look at. So where else are you going to put your data, China or Russia? Might as well bend over at the same time.
Matt, it's not about the search warrant - it's about needing a search warrant in the first place, and if so, how that is issued.
Most EU countries have fallen for the same ruse and introduced backdoors into their legislation, ostensibly for fighting "terrorists" or whatever other evil du jour (you may have noticed that people have stopped being scared of terrorists, so expect another atrocity soon - conspiracy theorists are welcome to assume sponsoring, given the parties that always do well out of such an event).
The critical point of that backdoor is that it neatly avoids due process - even in the UK you can under circumstances gain access on the nod, nod, wink, wink principle because nobody wants to be blamed for helping terrorists/child pornographers/communists (just to give you a list) and so BREAKS the law - but with no consequences, all were starting to consider that the norm, regardless of who got hurt in the process. Well, until the Leveson enquiry in the UK.
We have rights, and obligations to go with them. Your right, enshrined in the Human Rights declaration and adopted by all the nations under question isn't just that of privacy, but also of correct application of the law - innocent until proven guilty. Law enforcement has controlled privileges to break that right on suspicion of crime, but they are privileges, not rights, and the control was exactly what was discarded with anti-terror legislation - notice that key to all this legislation is the ability to hide what they do with it. THIS is where you should ask the question: "what are you hiding?" (the answer is massive abuse, but "national security" covers many sins).
Nobody should have a problem with law enforcement doing what we pay them to do, everybody should have a problem with law enforcement abusing those privileges because that opens the door wide for insider threat. So it should not be a matter of "slapping" a search warrant on someone, this should be the result of a correct process which involves a judge, full examination of initial evidence and which protects the results so they cannot be abused for other purposes either. If time pressure prevents such full process, it must be re-examined afterwards, something that simply doesn't happen.
So, the question is, how can you protect yourself against that abuse, yet not get in the way of correct law enforcement process (because that's not just wrong, it's also stupid)? I'm using the answer to that for business - we sell really *secure* services because we didn't just get the tech right (that's was the relatively "easy" part), we also got the legal coverage done to a point where we tell even lawyers what to do (one of the largest UK law firms shipped all their IT out of the UK less than a month after talking to us).
Here are a few hints:
- as an ordinary citizen or SME you cannot force process on law enforcement - unless they have to cross the border
- examine the laws in all parts of the world where a supplier is present, the US Patriot Act is not the only example and any subsidiary can be used to create a backdoor
- examine how much you pay. Doing this right isn't just expensive technically, lawyers cost money too. If it's cheap (compare people vs costs, for instance) you better start asking questions because something isn't right.
- get someone competent involved in such examination. It takes insight in technology, security, process and law to examine this, and there are very few who offer that combination - it takes us months to train new people because doing it right is simply complex.
So there..
So after all that hyperventilating and shrieking about rights and intrusive police, you're basically just admitting exactly what I said - your data is actually no better protected here in the UK or anywhere else in Europe to the US. I do believe you when you say you advise as a security consultant going by the high male bovine manure quotient in your reply.
you're basically just admitting exactly what I said - your data is actually no better protected here in the UK or anywhere else in Europe to the US
Maybe you should focus on comprehensive reading instead of personal invective, as you're actually labouring under a flawed set of assumptions. One is that Data Protection laws are the same throughout Europe..
It's about protecting the client as well as the data.
If the US gets the Australian government to allow them to rifle through your bank accounts, that's one thing. To make an Australian's bank account data available in the US or China without telling anyone - that's a whole different story. It's a liability thing.
And don't laugh, this is history, not speculation.
I think the OP was referring to the impact of Data Protection legislation on what you do.
As a matter of fact, I would avoid anything that has as much as a subdivision in the US because that puts your data within reach of the Patriot Act and other creative interpretations of your Human Rights (it's not just about privacy).
Ars Technica has a nice piece about the wealth of bypasses your rights are subject to when you go near the US. It's actually ironic that the nation that sells itself as the world's fighter for freedom, democracy and human rights has managed to make itself to be less trustworthy than China..
From what i've read only third party apps allow you to use email as microsoft don't want their IP addresses blacklisted... I've got around 10 websites that use emails for order receipts, enquiry forms etc... if I use the smtp relay for office 365 its around 3 quid a month per domain - i refuse to pay £30 quid a month for a simple email service!
I'm sure sendgrid would be good if they would be a bit more realistic... they want examples of what i'm going to be sending!!! I mean come on!!!
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
