One of the most common questions potential cloud customers have surrounds data ownership. In the case of Microsoft's Windows Azure, customers own their data -- but there are caveats around data use.
IaaS still largely boils down to 'trust us.' Comforting.
analyst, Tier 1 Research
"Organizations should consult with their lawyers when planning solutions to be hosted on Azure, especially when those solutions contain customer data, intellectual property, trade secrets and any other sensitive data," Sanfilippo said.
Even though customers own their data on Windows Azure, Microsoft can still use it for various reasons.
This may include troubleshooting aimed at preventing, detecting or repairing problems that affect the operation of Windows Azure and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam), the company stated in an email.
In addition, Microsoft may use statistical data, trends and usage information derived from your use of Windows Azure for the purpose of providing, operating, maintaining or improving its Infrastructure as a Service (IaaS) platform, as well as any Microsoft products and services used to deliver it.
Microsoft has pushed for privacy legislation to boost cloud security confidence, and the company has to comply with local regulations on data.
But Microsoft reserves the right to move your data around, collect performance indicators and analyze application performance, said Carl Brooks, analyst with Tier1 Research, a technology analyst company based in New York.
"They want to arbitrarily peek at Azure applications and be able to optimize workloads, which means gathering a certain amount of information about what it does," he said.
"It's one of the things that routinely gives CISOs fits," Brooks said.
Microsoft's cloud data privacy statement shows that if Azure has to squeeze your data on to a specific physical server or release your data to the authorities, it will do so, Brooks said.
That's not to say that Microsoft claims more rights over customer data than other cloud and hosting services. As a general rule, when enlisting a third party to provide such hosting, there is always some risk of exposure of assets -- data, code or message traffic, for example -- that should be assumed, Sanfilippo said.
This type of policy is much easier for IT to swallow on the Software as a Service side – email, CRM, etc. -- since that model has been around much longer, Brooks said.
"IaaS still largely boils down to 'trust us,'" he said. "Comforting."
More information on Azure can be found at the Windows Azure Trust Center.
Read about Microsoft’s cloud data privacy rules for Office 365 on SearchExchange.com.