Channel Watch

The Case for Bringing Your Own Encryption to Microsoft's Cloud

The public cloud and third-party encryption offerings from Microsoft provide partners a key opportunity to do their customers a real service.

One of the great benefits you bring to customers as a Microsoft partner comes when you can say, "Here's what Microsoft's marketing brochure says and, yeah, it's a great product. But here are the problems we need to overcome to make it really work."

The public cloud and third-party encryption offerings from Microsoft provide one of those opportunities to do customers a real service.

There are three serious issues with storing data unencrypted with Microsoft, or in relying on Microsoft's own encryption. (Most of these objections apply to other public cloud vendors, too.)

First, there's the issue of Microsoft deciding to look at the data because it can. Paranoid? No, the company has already done it. It has searched a French blogger's Hotmail account in September 2012 while seeking to prove that a Microsoft employee was leaking trade secrets. After court documents revealed the tactic this March, Microsoft made a show of putting internal controls in place. But the protections really boil down to Microsoft determining unilaterally that a court would theoretically grant the company permission.

If your customers encrypt their data and keep their own keys, neither Microsoft lawyers, nor rogue Microsoft admins, can give in to temptation.

Next, the old argument goes that Microsoft and other big cloud providers are more competent at security than smaller hosters or customers could ever be. The theoretical caveat was that those juicy datacenters made a much, much more attractive target to the bad guys. Few observers were classing the U.S. National Security Agency (NSA) as one of those bad guys, but the Edward Snowden revelations show the NSA has been crawling all over the megavendors to get in their datacenters.

Even if you believe Microsoft's protestations that it didn't cooperate in the voluntary data handovers implied in the PRISM reports, there's MUSCULAR, which involved the NSA intercepting unencrypted communications among datacenters at Google and Yahoo. MUSCULAR frightened Microsoft (and the others) enough that it strengthened its internal encryption. But why leave it to the besieged megavendors to protect your data?

Finally, there's all those counterterrorism-related National Security Letters and the issue of the "blind subpoena," or the short-circuiting of the traditional legal discovery process that storing corporate data in a datacenter allows. The blind subpoena problem seems to be theoretical at this point. Still, if your customer data is encrypted and law enforcement wants the data, they'll have to ask your customer's lawyers for it like they did in the old days.

Having a partner to walk customers through the issues and, if warranted, help them encrypt their own data before turning it over to the Microsoft cloud is a benefit for customers and, really, helps keep Microsoft out of trouble, too. Are you considering encryption of public cloud data? Let me know at [email protected] or leave a comment below.

More Columns by Scott Bekker:

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Featured