Microsoft CEO Steve Ballmer may be taking a page from the Apple [AAPL] playbook in repositioning his corporation as a "devices company", but that's just smoke and mirrors to disguise a firm that's lost its soul: its data surveillance deal with the NSA threatens its position in the enterprise. Here's why:
The enterprise cloud is insecure
Microsoft's deal with the US National Security Agency means the company has helped spooks undermine its own data encryption -- indeed the encryption within Outlook was broken before the product was even released.
Referring to information released by privacy whistle-blower, Edward Snowden (currently holed up in a no-man's land at a Moscow airport), The Guardian writes:
"The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide."
The report also reveals that within months of Microsoft's acquisition of Skype, the NSA had the capacity to monitor video calls via Prism. There's much more information as to the breadth and extent of cooperation between Microsoft and US intelligence agencies within the report. Microsoft seems to have denied these claims.
Is it safe?
What isn't fully explored in the report is the impact Microsoft's close links with the NSA are likely to have on that company's enterprise users -- particularly as the company pushes forward its vision for collaborative tools, unified communications and social media within the future enterprise.
The problem is that while US citizens enjoy some protection against the scale of personal intrusion claimed by Snowden in his discussions regarding Prism, international users do not enjoy such protection. Yet millions of Microsoft's Office customers are international, using the world's most widely deployed productivity software as an essential component of their business.
Microsoft's business users are bringing SharePoint, Yammer, SkyDrive and its other collaboration tools into their business processes. Indeed, collaboration, unified communications and cloud-based solutions are an integral part of the new mobile workforce that's emerging within the BYOD age. Which is precisely why Microsoft is offering those tools to its congregation of enterprise and business users. It wants to stay relevant to the evolution of business software.
Your privacy is our priority
Microsoft clearly understands the importance of privacy to its enterprise customers. That's why a recent (April) marketing campaign told past and future customers: "Your privacy is our priority".
That's not what the Guardian report suggests. It suggests that Microsoft considers its customer's personal privacy to be subservient to the needs of government surveillance.
I'm not about to argue that government's should not have the ability to engage in surveillance when it is required. In theory such surveillance is strictly controlled. What is frightening is that Snowden's revelations suggest surveillance has now become routine. Given an environment of routine surveillance the question has to be when, not if, some intelligence operative will come across an enterprise's valuable business data, go rogue, and sell those secrets to the highest bidder.
The bottom line is that by denying customer privacy, Microsoft has put its entire business at risk. Enterprise users demand -- and have a right to -- privacy when it comes to their business processes, secrets, documents and data. The future evolution of the cloud demands rock-solid security for all stakeholders, individual users and enterprises alike. The future evolution of mobile systems and connected devices also demands a level of privacy Microsoft can no longer credibly promise to offer customers.
The eventual impact of this is that any CIO that places value in privacy must now consider those Microsoft solutions their firms already uses and investigate if a more secure replacement to those solutions yet exists.
We know it's not just Microsoft. Google, Yahoo, Apple -- the big firms from across Silicon Valley -- are all implicated. Is iWork for iCloud truly secure?
The questions for their customers must be:
- At what point is surveillance acceptable, and at which point does it become unpalatable?
- Where is the divide between national security and personal/enterprise privacy?
- Are business secrets truly safe when governments worldwide are so easily able to access a company's cloud-hosted data.
- (Consider this: if the NSA has the keys to the software kingdom, you can guarantee others also have such keys -- spies spy on spies, after all.)
What price BYOD?
Microsoft may have chosen to reconfigure itself as a devices company, but what's the point using its devices when every potential customer now knows the company is so thinly committed to ensuring their personal privacy? Why would an enterprise customer choose to use that firm's new collaborative tools when they must now recognize those communications are not inherently secure?
The continuing revelations from the Prism scandal are absolutely chilling. They place real obstacles to the evolution of the future enterprise, the culture of mobile devices and the gathering momentum of cloud-based services.
However, Microsoft's position as the software gorilla of enterprise culture means much was once expected of the firm when it came to advocating the privacy of its customers. In making the decision to break that compact the company has -- in one move -- killed the enterprise cloud.
So what will its enterprise customers choose to do about this?
Who will rise up to provide a truly secure range of tools? I'd like to imagine it may be Apple, but I see that firm as equally as likely to cooperate with intelligence agencies.
However, where we stand right now, millions of personal and enterprise customers worldwide must surely be asking in which software god to trust.
Perhaps it's time to reinvent the fax machine.
Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you knowwhen these items are published here first on Computerworld.