New Azure Region in Germany
Microsoft announced their plans to establish a geo-replicated German Azure datacenter region located in Frankfurt am Main and in Magdeburg, with the launch date in mid-2016. The specific Azure infrastructure components and software will be provided by Microsoft, but the datacenters will be owned by German Telekom and operated by T-Systems. The basic idea is that Microsoft does not have access to the customer data and that there is no Microsoft operations team running the datacenters. They can help debug issues and assist the local operators with issues, but – according to Microsoft officials – only in an escorted and audited way. This enables unique guarantees around data sovereignty and ensures all data is managed under local laws. Deutsche Telekom acts as the Data Trustee for Azure in Germany.
This all can be seen as a reaction by Microsoft to their pending case against the US Department of Justice. It’s all about a US search warrant for Hotmail emails stored in Ireland. The US government claims the right to demand the emails of anyone in the world from any email provider headquartered within US borders (see this article published by The Guardian for details). Without any counter measures by Microsoft, losing this case would mean that customer lose trust and Microsoft will lose business in Europe despite the billion-dollar investments they have made into European Azure datacenters. Obviously, Microsoft is fighting the US government, primarily in order to boost the Azure revenue stream outside of the US, with the protection of users’ privacy as a nice side effect. The approach in Germany would make it very hard for a US court to make a contempt order or for US authorities to force Microsoft into giving them access to customer data. The fact that the German government is a stakeholder in Deutsche Telekom even spices up the situation.
The software in the German Azure datacenters will be exactly the same as the rest of Azure – they are just completely separate and isolated instances. Over the last two weeks I discussed this Microsoft announcement with a number of people attending E2EVC conference in Lisbon and Microsoft Technical Summit in Darmstadt. The feedback I heard from German community fellows was extremely positive. Microsoft customers are also very excited about this move. I personally think that establishing such an enclosed Azure region is a game changer, taking Germany’s strict privacy laws on one side and its economic power on the other side into consideration. For the first time we seem to have a solution that legally protects data from direct access by US government and their intelligence agencies.
But what about German consulting companies and software vendors? Some of them were not too enthusiastic about the announcement. Well I need to rephrase this: Those consulting companies and software vendors that don’t have a serious cloud strategy were not exited – for obvious reasons. If Microsoft’s plan works out, it’s like a revolution. And every revolution creates winners and losers. Those who are not prepared for the massive IT business changes a successful corporate cloud offering will bring to the table may well render irrelevant pretty soon. New players in the Microsoft ecosystem may replace them in projects and product development. It’s those new players who know how to use the Azure PaaS and IaaS building blocks in a smart way, who know how to configure, connect and run hybrid datacenters, who know about AD federation and identity management, and who know about all aspects of remoting and automation technologies. When Azure Germany works as expected than it’s not the question if corporate applications and data will move to the cloud, the question will rather be when.
But there is another question that came up in several discussions: Is it possible that Microsoft customers from outside of Germany or the European Union store their data in the German Azure datacenters? Is this a new “safe harbor” then? What if some bad guys are misusing the German privacy laws to hide their evil activities done through the protected cloud hosted in Germany? Are German courts and government prepared to deal with such a situation? I have my serious doubts, considering the fact that for the majority of German politicians the Internet is still a “new thing”. And the unprofessional way the IT department running the computer network of the German federal government was dealing with a hacker attack earlier this year makes me even more concerned. While everything else is over-regulated in Germany, there seem to be no response plans for hacker attacks or legal issues with “bad” data stored in a protected German cloud infrastructure. In other words, even if corporate Germany gets ready to move to a protected cloud offering they may find out that the German government is far behind. Interesting times…