Microsoft’s recent announcement about a new format of Azure data centre in Germany suggests European organisations worry as much about the US Government accessing their data as they do hackers
In mid-November, Microsoft announced it was opening two new Azure data centre regions in Germany. However, unlike any other European Azure data centres these won’t be owned or managed by Microsoft. Instead, German IT services company T-Systems will build and operate them and only involve supervised Microsoft assistance when it’s needed and when the customer consents. This isn’t a knee jerk reaction to the recent European ruling about the Safe Harbor agreement. It’s a concept that’s been worked on for the last two years to solve the problem of some European organisations not trusting the American government to not read their data. (Whether or not they have, could, should or would is still up for debate)
If phase one of cloud security was about protecting data from hackers and phase two about ensuring data sovereignty and data privacy, then phase three is about avoiding the long arms of the American government. Having your data stored in a data centre on your own soil might feel reassuring but Snowden introduced nervousness when it’s stored on servers owned by an American company – ultimately ruled by American law.
The last couple of years have shown the European and American courts have yet to universally agree what power American judges have over data stored in Europe. Or, whether America’s mass surveillance programmes are a breach of human rights that the European government must proactively defend. The first few test cases have been in the courts for some time and while Microsoft, Google, Facebook et al. are strongly supporting the privacy of their customers (and the viability of their business models) there’s yet to be a conclusion.
While Microsoft’s first step towards providing the cash and technology to deploy autonomous European Azure services makes sense, it’s still a gamble. If the solution to legal ambiguity was that simple, they’d all be doing it – and they may well, Amazon in particular. However, Microsoft will always be an American company whose Azure data centres use technology made in America and get powered by American cash. No amount of global deployments with regional operating models will change that. And that may be all the US Government feels it needs to keep German data centres under its law books.