Channel Watch

The Case for Bringing Your Own Encryption to Microsoft's Cloud

The public cloud and third-party encryption offerings from Microsoft provide partners a key opportunity to do their customers a real service.

One of the great benefits you bring to customers as a Microsoft partner comes when you can say, "Here's what Microsoft's marketing brochure says and, yeah, it's a great product. But here are the problems we need to overcome to make it really work."

The public cloud and third-party encryption offerings from Microsoft provide one of those opportunities to do customers a real service.

There are three serious issues with storing data unencrypted with Microsoft, or in relying on Microsoft's own encryption. (Most of these objections apply to other public cloud vendors, too.)

First, there's the issue of Microsoft deciding to look at the data because it can. Paranoid? No, the company has already done it. It has searched a French blogger's Hotmail account in September 2012 while seeking to prove that a Microsoft employee was leaking trade secrets. After court documents revealed the tactic this March, Microsoft made a show of putting internal controls in place. But the protections really boil down to Microsoft determining unilaterally that a court would theoretically grant the company permission.

If your customers encrypt their data and keep their own keys, neither Microsoft lawyers, nor rogue Microsoft admins, can give in to temptation.

Next, the old argument goes that Microsoft and other big cloud providers are more competent at security than smaller hosters or customers could ever be. The theoretical caveat was that those juicy datacenters made a much, much more attractive target to the bad guys. Few observers were classing the U.S. National Security Agency (NSA) as one of those bad guys, but the Edward Snowden revelations show the NSA has been crawling all over the megavendors to get in their datacenters.

Even if you believe Microsoft's protestations that it didn't cooperate in the voluntary data handovers implied in the PRISM reports, there's MUSCULAR, which involved the NSA intercepting unencrypted communications among datacenters at Google and Yahoo. MUSCULAR frightened Microsoft (and the others) enough that it strengthened its internal encryption. But why leave it to the besieged megavendors to protect your data?

Finally, there's all those counterterrorism-related National Security Letters and the issue of the "blind subpoena," or the short-circuiting of the traditional legal discovery process that storing corporate data in a datacenter allows. The blind subpoena problem seems to be theoretical at this point. Still, if your customer data is encrypted and law enforcement wants the data, they'll have to ask your customer's lawyers for it like they did in the old days.

Having a partner to walk customers through the issues and, if warranted, help them encrypt their own data before turning it over to the Microsoft cloud is a benefit for customers and, really, helps keep Microsoft out of trouble, too. Are you considering encryption of public cloud data? Let me know at [email protected] or leave a comment below.

More Columns by Scott Bekker:

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured

  • Microsoft Extends AI Copyright Protections to Its Partners

    Microsoft this week announced several new partner benefits meant to accelerate channel sales amid skyrocketing AI demand.

  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Close Up Dollar Bill Graphic

    Price Increases Coming to Power BI, Microsoft Teams Phone

    Microsoft is preparing to implement the first price increases for two standalone products: Power BI and Microsoft Teams Phone.

  • Dynamics 365 Getting Data Security Boost from Druva

    Druva is working to extend its SaaS-based data security platform to support Microsoft's Dynamics 365 Sales and Dynamics 365 Customer Service products.