As Microsoft focused on its Azure cloud computing platform at this year’s TechEd North America conference, assurances that it will fight all requests by federal agencies to access data held on servers located outside the United States may not be enough to persuade international customers that their data is in safe hands.
If the disclosures by Edward Snowden served only to confirm what had long been suspected – that the United States and British governments colluded to collect private information without our knowledge – then a recent decision by the U.S. Supreme Court to force Microsoft to comply with a search warrant for data held on a server in Dublin is merely going to muddy the already unclear waters. Businesses in European countries closely aligned to the United States may not be too concerned about the Supreme Court’s latest ruling, which Microsoft intends to appeal, but others already harbor a level of distrust that is enough to impact decisions about moving data to cloud services provided by American companies.
Sanctions have prompted Russia to start the development of its own national payment system to reduce reliance on Visa and MasterCard, and the country has begun to demand companies wishing to store personal information online must locate the data inside the Russian Federation. After all, why should the United States be able to snoop freely on foreign citizens while shutting out that country’s government? It seems a fair point. Furthermore, plans for a North Korean-style Internet, in which local and regional networks would serve the majority, and in which access to the World Wide Web would be provided by license only, were reported in the Russian press last month (although strongly denied by a Kremlin spokesman).
But does any of this matter? China already has its Great Firewall, South Korea has comprehensive Internet filtering in place, and plenty of countries have their own payment systems. Going forward, as the technology storms ahead to provide ever cheaper and more flexible cloud platforms on which businesses can offload their applications and data, more companies are going to question in which jurisdiction these services fall, and analyze the risks of putting data on servers that could be cut off from the Internet following a diplomatic spat or international crisis. It remains to be seen whether enterprises will depend on cloud platforms provided by a few large U.S. companies, or whether service providers will turn to the open source OpenStack cloud OS to offer infrastructure physically located in the same geographical area and legal jurisdiction as their clients.