Microsoft versus the Department of Justice – Round 1 to Microsoft
All of our solutions are available in the cloud. Naturally, we read with interest the decision by the federal appeals court that the US Government cannot force Microsoft to turn over emails stored on Microsoft servers in Ireland. Obviously a defeat for the Department of Justice (DoJ) and a victory for privacy advocates and companies such as ours that include cloud based offerings. Done deal? Not so fast. The DoJ based its request on a rather out dated law from 1986. A bipartisan bill was introduced in May in the US Senate to strike a better balance between law enforcement needs and users privacy interests and expectations. We’ll see where that goes.
It is the responsibility of the owner of information to ensure that it is stored where they want it stored. This should be covered by your SLA with the cloud provider and then cross your fingers that they adhere to their commitment. Everything should be fine, unless you live in the United States and the DoJ wants your emails. Probably 99.9% of companies are not storing information related to cybercrime or nefarious criminal activities, but you would not have thought that Booz Allen Hamilton even thought of espionage when they contracted Edward Snowden.
Data sovereignty has broken down traditional geopolitical boundaries. You are required to comply with the requirements and laws of every country you do business with, and where your cloud provider stores your information. Where does this leave us? At the most basic level, where do you store your records? How do you protect confidential information? How do you ensure government compliance audits such as for ITAR? What about customer information, or financial information? All of our platforms support the identification of organizationally unique descriptors that will identify intelligent content in context and auto-classify the content to one or more taxonomies, regardless of where the data is stored. This provides the information you need to make sound decisions on where you do want the data stored, and move it, or leave it where it is. Unfortunately the cloud in many ways has added a great deal of complexity regarding the protection of your information and your organizations intellectual property.
I think everyone wants the bad guys caught. But that’s the other side of the coin. For right now and into the future you are the one responsible for your data and must decide the amount of risk your organization is willing to take to protect it.