The Case for Bringing Your Own Encryption to Microsoft's Cloud -- Redmond Channel Partner

The Case for Bringing Your Own Encryption to Microsoft's Cloud

The public cloud and third-party encryption offerings from Microsoft provide partners a key opportunity to do their customers a real service.

By Scott Bekker
December 04, 2014

One of the great benefits you bring to customers as a Microsoft partner comes when you can say, "Here's what Microsoft's marketing brochure says and, yeah, it's a great product. But here are the problems we need to overcome to make it really work."

The public cloud and third-party encryption offerings from Microsoft provide one of those opportunities to do customers a real service.

There are three serious issues with storing data unencrypted with Microsoft, or in relying on Microsoft's own encryption. (Most of these objections apply to other public cloud vendors, too.)

First, there's the issue of Microsoft deciding to look at the data because it can. Paranoid? No, the company has already done it. It has searched a French blogger's Hotmail account in September 2012 while seeking to prove that a Microsoft employee was leaking trade secrets. After court documents revealed the tactic this March, Microsoft made a show of putting internal controls in place. But the protections really boil down to Microsoft determining unilaterally that a court would theoretically grant the company permission.

If your customers encrypt their data and keep their own keys, neither Microsoft lawyers, nor rogue Microsoft admins, can give in to temptation.

Next, the old argument goes that Microsoft and other big cloud providers are more competent at security than smaller hosters or customers could ever be. The theoretical caveat was that those juicy datacenters made a much, much more attractive target to the bad guys. Few observers were classing the U.S. National Security Agency (NSA) as one of those bad guys, but the Edward Snowden revelations show the NSA has been crawling all over the megavendors to get in their datacenters.

Even if you believe Microsoft's protestations that it didn't cooperate in the voluntary data handovers implied in the PRISM reports, there's MUSCULAR, which involved the NSA intercepting unencrypted communications among datacenters at Google and Yahoo. MUSCULAR frightened Microsoft (and the others) enough that it strengthened its internal encryption. But why leave it to the besieged megavendors to protect your data?

Finally, there's all those counterterrorism-related National Security Letters and the issue of the "blind subpoena," or the short-circuiting of the traditional legal discovery process that storing corporate data in a datacenter allows. The blind subpoena problem seems to be theoretical at this point. Still, if your customer data is encrypted and law enforcement wants the data, they'll have to ask your customer's lawyers for it like they did in the old days.

Having a partner to walk customers through the issues and, if warranted, help them encrypt their own data before turning it over to the Microsoft cloud is a benefit for customers and, really, helps keep Microsoft out of trouble, too. Are you considering encryption of public cloud data? Let me know at [email protected] or leave a comment below.

More Columns by Scott Bekker:

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.

Free Webcast! Learn about Password Management Best Practices

Featured

The 2024 Microsoft Product Roadmap

Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.
Microsoft Makes AI Push in London and Japan with Strategic Investments

Looking to further the global reach of its aggressive AI push, Microsoft made a couple of announcements this week focused on overseas initiatives and investments.
Top SMB Threats Include Ransomware and Windows Server 2012: Report

Managed services providers that support SMBs have their hands full this year: The constellation of threats targeting their customer base is more varied and harder to detect than ever.
2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

RCP Update

Email Address*Country*

Please type the letters/numbers you see above.

The Case for Bringing Your Own Encryption to Microsoft's Cloud

Featured

The 2024 Microsoft Product Roadmap

Microsoft Makes AI Push in London and Japan with Strategic Investments

Top SMB Threats Include Ransomware and Windows Server 2012: Report

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Names Head of New Consumer AI Division

Microsoft Broadens Secure Software Development Initiative

The Most Important Document for Partners To Read Now: CSF 2.0

2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

The 2024 Microsoft Product Roadmap

Microsoft Names Head of New Consumer AI Division

Microsoft Broadens Secure Software Development Initiative

The Most Important Document for Partners To Read Now: CSF 2.0

Partner Guides

Partner's Guide to the Windows Server 2008 Deadline

Partner's Guide to Office 365 Security Costs

Partner's Guide to UCaaS

Partner's Guide to Starter Workloads in Azure

Partner's Guide to Microsoft's Fiscal Year 2019

FREE WEBCASTS FROM OUR SPONSORS

Coffee Talk: Phishing Awareness Training 101 for Partners

Security Essentials: Empowering MSPs with Datto’s Integrated Solutions

Coffee Talk: Endpoint Security 101: Threats & Strategies SMB Partners Need to Know

Automated Intelligence: Simplifying M365 Governance for MSPs

FREE WHITE PAPERS FROM OUR SPONSORS

A guide to zero trust for MSPs

Microsoft CSP Guide

10 Reasons to Bundle Security with your Managed Services

Battling Business Email Compromise