Microsoft has announced the availability of Azure and Office 365 from new data center regions in the UK, allowing UK customers' data in the Microsoft Cloud to stay onshore. This extends the availability of Microsoft Cloud services to 28 regions globally, which Microsoft claims is more than any other major cloud provider. Microsoft Dynamics CRM Online will be added in the first half of 2017.
UK cloud customers benefit from Microsoft's need to address EU data sovereignty issues
Microsoft is certainly a "major" cloud provider, but its claim to offer more regions globally than any other major cloud provider is more one-upmanship than anything. More important for European enterprise customers is ensuring that they're compliant with regulatory requirements, and UK enterprises now have additional reassurances from Microsoft.
In truth, it won't make much of an immediate difference to enterprise Azure and Office 365 customers that are already served out of Ireland. Data sovereignty in EU member states had already been thrown into confusion after the European Court of Justice declared in October 2015 that the existing Safe Harbor agreement with the US was invalid. After that, each EU country was left to decide whether companies that store citizens' data in the US were following safe practices. Most concluded in varying degrees that it was safer to keep data on EU soil.
It was this that spurred US-headquartered cloud service providers to establish additional data centers across Europe. Microsoft and Amazon Web Services (AWS) were quick to announce their intentions to establish data centers in the UK, joining IBM and Rackspace, which were already there. In the wake of the Brexit vote, the availability of onshore UK data centers has taken on added significance. Besides, Microsoft has a large number of financial services, public sector, and healthcare customers in the UK, so it was always going to need a UK "region" as those customers shifted to cloud.
Indeed, one UK public sector customer, the UK Ministry of Defence (MOD), has spurred Microsoft on above all others. In August 2015, the MOD signed a revised contract with HP Enterprise Services to transform its core IT services and move 250,000 users to Office 365 and Azure. The MOD set a date of September 2016 to go live with its first users.
Other UK public sector and commercial customers will no doubt take comfort from the fact that the MOD is prepared to entrust data to Microsoft's UK data centers. Likewise, financial services organizations can be confident of being compliant with future UK data sovereignty regulations, whatever they may be in a post-Brexit Britain. But regardless of where their data resides, cloud computing customers must remember that compliance is not the same as security, and ultimately they, not their cloud service providers, are responsible for protecting their organizations' and their customers' data.
Office 365: Trust, Security, and Compliance, IT0021-000083 (May 2015)
Data Privacy Legislation Impact on Enterprises, IT0018-001493 (April 2016)
Ina Brown, Senior Analyst, IT Services