Microsoft cuts ribbon on Euro cloud bit barn for Office 365, Azure Microsoft has started to serve up Azure services from a new cloud region in Germany – operated under the supervision of a data trustee – to pitch for European punters with concerns about security and data sovereignty. Redmond's plans for expanding its cloud footprint were confirmed last year by CEO Satya Nadella, and included …
Will those "Cloud" servers be physically separated from the Internet, not very likely, otherwise they wouldn't be "cloud" in nature. If they are not separated then how are they guaranteeing data privacy from snooping 3 letter agencies on the other side of the pond.
Will their be offsite replicas, if so where. The articles mentions 2 data centres without mentioning their location.
Who is the "data trustee"...
I would like to see if they can manage to get the Swiss to validate everything... The Germans didn't even manage to secure their Chancellors phone....
And because this is Microsoft, whose laws applies when the SHTF, American or European.
Will the Brits be allowed to use the new EuroCloud, if so, and because of their very friendly nature with the Americans, this could lead to some serious doubts....
To be honest, if the Americans can see your data while you're accessing a European online service, so can anyone else.
HTTPS, encryption, not using untrusted devices, checking certificates, etc. make life very hard for such agencies. Whether the traffic is visible to them or not, it doesn't really matter - your ISP or anyone who works there could also be doing the same without the above technologies.
Email? All bets are off anyway.
But if they are logging into your Office 365 from abroad without permission of GCHQ etc. then it means you've slipped up and given them your passwords. If not, they can't see it or need allied co-operation.
Sure, HTTPS evolves and old ciphers etc. have problems. But if you're on any up-to-date cloud service, pretty much you shouldn't have to worry.
To be honest, I'd be much more worried about what companies have been using Azure and Office 365 without proper EU data protection for all this time, because they haven't even cared what they've been doing with your data and whether it's legal.
Or simply Microsoft and/or GCHQ having a poke around themselves.
But if the NSA can log into your account in an EU datacentre without legal co-operation, so can anyone else.
The data centers are in Frankfurt and Magdeburg, as stated in the article.
Additionally, whilst the servers front-facing services are on the Internet, there is no remote administration access to the server farm, it must all be done locally and only vetted T-Systems employees have access. If Microsoft want access, they have to turn up with authorization and will be escorted to the machines.
Allegedly, they will not be able to touch the machines directly, so no admin access and no copying data off. That also means, that if MS are given a US court order for access to the data, they will have to refuse, because they will not get access to the servers without a valid German search warrant, as T-Systems falls under German jurisdiction and is solely responsible for the running of the services.
"Also, Deutsche Telekom is supervising access to the infrastructure that houses customer data at these high-security data centers in Germany which will be operated according to the global security and operational standards for all Microsoft datacenters."
This line of text disturbing, Microsoft are the ones dictating "the global security and operational standards". If they are applying MS standards, then isn't that as good as giving them the front door key ?
The whole sham's absolutely certainly not just a marketing sham. After all, it's not like German infrastructure would ever fall victim to the US espionage machinery.
...and it's not like the US government would have any interest in spying on insignificant little old us anyway.
...and it's obviously not like the trusty old Microsoft Corporation Inc. has or would ever deploy code/cryptography so sufficiently weak it would avoid causing a particular TLA any unnecessary inconvenience whatsoever. Even "accidentally". Or leave known critical vulnerabilities exposed for decades. Shirley absurd? Let alone secretly install said TLS a backdoor of its very own!
...and, of course, every piece of that trusty "MS" code will have been thoroughly audited by its trusty deutsche_telekom overseers, as, of course, will every single patch and update, in perpetuity...
So move along now. Nothing to see here.
Surely if we sign up to and implement every piece of data privacy legislation we'll be able to shift data in and out without any problems (assuming of course we don't have to (or choose to) hand it over to anyone else who doesn't sign up to everything). Just cause we're taking back control doesn't mean we don't have to do as we are told. We're just choosing to obey now instead of having a say in what the orders were in the first place.
Which is why they opened this data center. It is run and managed by T-Systems, a German based company. Microsoft don't get any physical or administration access to the server farm, so if they get a US warrant, they just tell the US Justice Department to go get a German search warrant and talk to T-Systems, Microsoft have nothing to do with the process.
It does matter if the servers are not in the control of Microsoft.
It seems that what they've basically done is paid for someone else to run an Azure data center or 2. T-Systems are the company running it, Microsoft are just reselling the services there.
Obviously, it'll be a heck of a lot more complex than that, but the end result is that Microsoft don't actually own the servers or the data on them, and don't have access to anything, so they can't be told to hand anything over. Such requests would have to go through the German legal system and T-Systems would have to be the company that demands are made of.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
