Microsoft has just announced that the European Union data protection authorities have recognized that Azure’s enterprise cloud contracts meet the EU’s privacy laws. The EU data protection authorities have issued a joint letter stating this approval.
Microsoft is the first and so far the only company to receive this approval.
The statement doesn’t just cover Microsoft’s European data centers – it also covers data stored in American data centers as well.
By acknowledging that Microsoft’s contractual commitments meet the requirements of the EU’s “model clauses,” Europe’s privacy regulators have said, in effect, that personal data stored in Microsoft’s enterprise cloud is subject to Europe’s rigorous privacy standards no matter where that data is located. This is especially significant given that Europe’s Data Protection Directive sets such a high bar for privacy protection.
The work that Microsoft is doing in terms of compliance with various laws, regulations and standards including ISO standards, HIPPA standards, and now EU privacy laws is a clear differentiator as enterprise cloud customers demand strict compliance with privacy regulations and enterprise class security.
Microsoft has also recognized the concern of government snooping into enterprise data. Customers will be able to encrypt just about everything stored in the cloud:
This effort will include our major communications, productivity and developer services such as Outlook.com, Office 365, SkyDrive and Windows Azure, and will provide protection across the full lifecycle of customer-created content. More specifically:
· Customer content moving between our customers and Microsoft will be encrypted by default.
· All of our key platform, productivity and communications services will encrypt customer content as it moves between our data centers.
· We will use best-in-class industry cryptography to protect these channels, including Perfect Forward Secrecy and 2048-bit key lengths.
· All of this will be in place by the end of 2014, and much of it is effective immediately.
· We also will encrypt customer content that we store. In some cases, such as third-party services developed to run on Windows Azure, we’ll leave the choice to developers, but will offer the tools to allow them to easily protect data.
· We’re working with other companies across the industry to ensure that data traveling between services – from one email provider to another, for instance – is protected.
This type of enterprise class protection of data is a key differentiator and one that is worth reviewing when comparing enterprise cloud services.