News

Microsoft cloud computing: Windows Azure cloud data privacy explained

Bridget Botelho

One of the most common questions potential cloud customers have surrounds data ownership. In the case of Microsoft's Windows Azure, customers own their data -- but there are caveats around data use.

Microsoft

Requires Free Membership to View

uses language in its cloud data privacy policy to reserve rights on customer data that companies need to carefully consider when deploying to Windows Azure, said Rob Sanfilippo, analyst with Directions on Microsoft, an independent analysis firm based in Kirkland, Wash.

IaaS still largely boils down to 'trust us.' Comforting.

Carl Brooks,
analyst, Tier 1 Research

"Organizations should consult with their lawyers when planning solutions to be hosted on Azure, especially when those solutions contain customer data, intellectual property, trade secrets and any other sensitive data," Sanfilippo said.

Even though customers own their data on Windows Azure, Microsoft can still use it for various reasons.

This may include troubleshooting aimed at preventing, detecting or repairing problems that affect the operation of Windows Azure and the improvement of features that involve the detection of, and protection against, emerging and evolving threats to the user (such as malware or spam), the company stated in an email.

In addition, Microsoft may use statistical data, trends and usage information derived from your use of Windows Azure for the purpose of providing, operating, maintaining or improving its Infrastructure as a Service (IaaS) platform, as well as any Microsoft products and services used to deliver it.

Microsoft cloud computing data privacy policy -- explained

Microsoft has pushed for privacy legislation to boost cloud security confidence, and the company has to comply with local regulations on data.

But Microsoft reserves the right to move your data around, collect performance indicators and analyze application performance, said Carl Brooks, analyst with Tier1 Research, a technology analyst company based in New York.

"They want to arbitrarily peek at Azure applications and be able to optimize workloads, which means gathering a certain amount of information about what it does," he said.

"It's one of the things that routinely gives CISOs fits," Brooks said.

Microsoft's cloud data privacy statement shows that if Azure has to squeeze your data on to a specific physical server or release your data to the authorities, it will do so, Brooks said.

That's not to say that Microsoft claims more rights over customer data than other cloud and hosting services. As a general rule, when enlisting a third party to provide such hosting, there is always some risk of exposure of assets -- data, code or message traffic, for example -- that should be assumed, Sanfilippo said.

This type of policy is much easier for IT to swallow on the Software as a Service side – email, CRM, etc. -- since that model has been around much longer, Brooks said.

"IaaS still largely boils down to 'trust us,'" he said. "Comforting."

More information on Azure can be found at the Windows Azure Trust Center.

Read about Microsoft’s cloud data privacy rules for Office 365 on SearchExchange.com.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: