Back in June 2011 Microsoft’s UK head admitted that no cloud data is safe from the Patriot Act meaning that if necessary, Microsoft will hand over critical security information to U.S. authorities.
Since then different defense agencies have begun to do are re-take on whether Cloud services are right for them.
Now BAE systems, a defense contractor, based in London plans to bail on Microsoft Office 365 cloud-based service. The reason is that there is no guarantee that the data on their servers would not leave Europe.
Data Protection Policies
Many defense contractors implement very secret solutions to protect the business operations. One of the problems that has developed over the last year is the vulnerability of cloud services. More than one system has gone down, even if only for a short period of time. Microsoft, Jive Software, Google gMail, intuit, Amazon Web Services, vmWare Foundry, Yahoo, all suffered some cloud downtime in 2011.
When a datacenter is no longer operational, several issues are presented. Did the service go down because of some internal or external event? If it was internal, was it software based or hardware based. If it was external, was the data compromised because of a lack of firewall protection? Were viruses introduced into the system? Did encryption policies protect the data?
These are the sorts of questions that BAE was forced to look at. Then of course is the Patriot Act issue.
Microsoft and the Patriot Act
Because Microsoft is a US company, it must comply with US laws. It must comply with the Patriot Act, which allows Federal agencies to get data from not just American companies storing their data on a cloud service, but even foreign companies that are using an American based system.
That is the issue that BAE was forced to address. Reluctantly it concluded that it’s business services couldn’t be compromised by Microsoft’s cloud service protocol. The question is whether by dropping Microsoft, it will also drop any other cloud service, i.e., one based in Europe.