AWS may be building a datacentre in Germany, but will the cloud data remain safe and private?

As public cloud provider AWS is looking to expand its datacentre footprint in Europe in the post-Prism world, it may have picked Germany because of the stricter regulations around data sovereignty. But the recent US court ruling asking Microsoft to hand over one customer’s email data held in its Dublin datacentre suggests that data on the cloud, regardless of where it is stored, may not be really private and secure.

While AWS has not clearly said it is building a datacentre in Germany, at its London Summit last week, Stephen Schmidt, its vice-president and chief information security officer told me that they are always looking to expand and that a Wall Street Journal article was “pretty explicit” about where their next datacentre might be?

The WSJ article quotes Andy Jassy, senior vice president naming Germany as its next datacentre location because of its “significant business in Germany” who could be demanding that their data resides within the country.

According to Chris Bunch from Cloudreach, a UK cloud consultancy firm that implements AWS clouds, AWS is growing so fast and have such market dominance that adding capcity for further growth is clearly sensible. AWS will have built one in the region within the next 12 months. 

Amazon already has three infrastructure facilities in Frankfurt, with seven others in London, Paris and Amsterdam. In addition to these ten Edge locations, it has three EC2 availability zones in Ireland, catering to EU customers.

But just as one would hail the potential AWS datacentre in Germany as a credible move to protect user data on the cloud, comes a US magistrate Court judgment ordering Microsoft to give the District Court access to the contents of one of its customer’s emails stored on a server located in Dublin. Microsoft challenged the decision but the judge disagreed and rejected its challenge.

Microsoft said: “The US government doesn’t have the power to search a home in another country, nor should it have the power to search the content of email stored overseas.”

“Microsoft’s argument is simple, perhaps deceptively so,” Judge Francis said in an official document, quashing Microsoft’s challenge.

“It has long been the law that a subpoena requires the recipient to produce information in its possession, custody, or control regardless of the location of that information,” he said.

Well, perhaps we still have a long way to go to see the rules of data sovereignty upheld, but with AWS’s growing customer portfolio, it will be good news to have public cloud data reside in Germany which has one of the strongest and toughest data regulations around the world.

Enhanced by Zemanta