Microsoft moves to answer those pesky Safe Harbor concerns

News from Redmond that looks set to please Europeans generally and Germans in particular.


A few weeks ago when the news came out that Safe harbor provisions would no longer be a safe haven for U.S. vendors doing business in Europe, there was plenty of concern about what it would mean for the largest U.S. cloud vendors -- Salesforce, Microsoft, Google and Amazon Web Services (AWS) all have massive business in Europe and relied on the Safe Harbor provisions to keep customers feeling secure.

It didn't take long to see some reactions from the vendor side and just this week Microsoft announced a plan to offer many of its cloud services, including Azure, Office 365 and Dynamics CRM Online, served directly from data centers in Germany. But that in itself isn't particularly innovative, and may not actually resolve the issues around jurisdiction. So Microsoft is moving beyond simply having in-country data centers and are delivering services in Germany via a third party. 

Microsoft's "Cloud in Germany" which is set to launch in the second half of next year, will be operated under German law and run by T-Systems, a subsidiary of German telecommunications vendor Deutsche Telekom. The setup will include two distinct data centers, one in Magdeburg and one in Frankfurt. Under the model that Microsoft is calling "data trusteeship," Redmond will have no access to customer data without the specific consent of the trustee. Even if a third party (read the U.S. government) orders it to hand over customer data, in theory, it is not able to do so.

This approach is distinct from that taken in other European countries where Microsoft (and other vendors such as Google and AWS) own and run their own operations. Indeed both AWS and Microsoft have announced they will be building data centers in the UK in the next year. The key difference here is that these vendor-operated data centers offer little or no protection against U.S. government agencies -- the trustee model should, in theory, do so.

Therein lies the rub, however. As Paul Miller, a noted cloud computing analyst for Forrester based in the UK pointed out, there is little clarity around whether the assumption of the trustee model covering customers security will, in fact, stand up legally:

“Microsoft’s lawyers and T-Systems’ lawyers argue that the German Data Trustee model, which is at the heart of this week’s deal and is governed by German law, will be effective in shielding data from U.S. demands. But, to be sure, we must wait for the first legal challenge. And the appeal. And the counter-appeal,” he rightly pointed out.

Miller has an extensive history consulting around IT within the European Parliament so is well versed with these intricacies.

It is an interesting model and, if proven effective, could be an approach that other vendors follow. But it would be a brave person that suggests that this is a panacea to all the jurisdictional questions that cloud computing can bring. It will be interesting to see how German organizations respond to the approach. One thing is for sure, the image that T-Systems used to launch this offering is difficult to justify, it is unlikely that this will, in any way, be an AWS-killer.

Copyright © 2015 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon