Microsoft Reminds Us: Five Things Legal Firms Should Know About The Cloud
- The Cloud can be highly secure. Major cloud providers spend billions of dollars on security – it is one of their highest priorities. Even then, the major providers do not assume any aspect of their cloud platform is safe, so they don’t stop at threat modeling to secure customers. For example, Microsoft employs a tactic called Assumed Breach at every layer of the cloud defenses. This means, how the layer was breached is less important than how they stop the breach from penetrating the next layer. In addition, they have teams of thousands of technicians that play “War Games”, taking turns trying to defend the platform as well as penetrate the defenses.
- Cloud can be fully compliant. Most major Cloud providers operate across multiple regions globally, and carry appropriate certifications and attestations in each region where they operate. Many providers are set up so that for every region customers deploy resources to, the provider has a paired region within the same geo-political boundary to ensure any data or assets that the customer has can be replicated or moved in the case of a disaster, and still not violate any data sovereignty laws.
- Cloud can be private. Customer’s data is the customer’s data. Period. Major Cloud providers go to great lengths to ensure no data bleeding exists at any level of their platform. Furthermore, most all redirect government requests to the customer. They take the position that they are not at liberty to share their customer’s data nor should they be. In 2016, the United States Court of Appeals for the Second Circuit ruled in favor of Microsoft in a case where Microsoft was refusing to turn over customer data that existed in one of their data centers, demonstrating their commitment to protecting customer data.
- Indemnification. Many users build/deploy solutions on their Cloud solution particularly where vendors provide uncapped defense and indemnification coverage that extends to any open source technology that powers Cloud services. There is nothing extra you need to do as a customer; just use the Cloud provider knowing that indemnification coverage is available if you ever need it.
- The Cloud can help you protect your IP assets. Most major Cloud providers bring with them a significant portfolio of patents on their Cloud technologies, which can help defend against patent trolls and lawsuits targeting your intellectual property. This protection is often automatically extended to Cloud users.
This post was written by Rick Weyenberg, Azure Cloud Solutions Architect at Microsoft Corporation.