Microsoft has revealed new details about its plans to open data centers in Germany. In a blog post, Ralf Wigand, senior program manager at Microsoft Germany, noted that the German data centers will be controlled by a third party — T-Systems, a Deutsche Telekom subsidiary.
All access to the data will be based on role-based access control (RBAC), he said.
RBAC is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. It enables administrators to assign roles and tasks like creating, modifying or downloading files.
In this context, access to data is based on the ability of an individual user to perform a specific task, such as to view, create or modify a file.
Role assignments will be based on roles such as Readers or Owners, or on realms like servers, mailboxes and resource groups, among others.
The clever thing here is that the rights governing the resource groups will only apply to the elements contained in that group and not to the entire subscription. This means that if, for example, you have a resource group in Azure containing two virtual machines, some storage, a network and an external IP, an administrator can be assigned to that group.
The administrator, in turn, will have access to everything in that group, but only the contents of that group.
Keeping Microsoft Out
This model adds fine-grained security. But it also keeps Microsoft out of the loop and away from all data, unless a problem arises. Wigand writes that access can be granted to Microsoft, “only for a special purpose like a support call from a customer.”
In that case, temporary access will be granted by the Data Trustee to the Microsoft engineer, and only for the specified area. After that time all access is revoked automatically.
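The group-scoped rights and the automatically expiring support access described above can be modelled in a short sketch. This is an added example, not code from Microsoft or T-Systems; the role-to-action mapping, principal names, scope paths, timestamps and the 60-minute window are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Simplified role-to-action mapping (assumed for this sketch).
ROLE_ACTIONS = {"Reader": {"view"}, "Owner": {"view", "create", "modify"}}

@dataclass(frozen=True)
class Assignment:
    principal: str
    role: str
    scope: str                          # e.g. "/sub-a/rg-web" (hypothetical path)
    expires: Optional[datetime] = None  # None means a standing assignment

def in_scope(scope: str, resource: str) -> bool:
    """A scope covers itself and what is beneath it, never siblings or parents."""
    # Compare on a path boundary so "/sub-a/rg-web" does not match "/sub-a/rg-web2".
    return resource == scope or resource.startswith(scope.rstrip("/") + "/")

def is_allowed(assignments, principal, action, resource, now) -> bool:
    """Default deny: some unexpired assignment must grant the action in scope."""
    for a in assignments:
        if a.principal != principal or (a.expires is not None and now >= a.expires):
            continue  # other principal, or the grant has lapsed on its own
        if action in ROLE_ACTIONS.get(a.role, set()) and in_scope(a.scope, resource):
            return True
    return False

def grant_temporary(assignments, principal, role, scope, now, minutes):
    """Trustee-style grant: one scope only, with an expiry set at creation."""
    grant = Assignment(principal, role, scope, now + timedelta(minutes=minutes))
    assignments.append(grant)
    return grant

def demo():
    t0 = datetime(2016, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    rg = "/sub-a/rg-web"  # hypothetical group holding vm1, vm2, storage, network
    grants = [Assignment("alice", "Owner", rg)]
    grant_temporary(grants, "ms-engineer", "Reader", rg + "/vm1", t0, 60)
    mid, late = t0 + timedelta(minutes=30), t0 + timedelta(minutes=61)
    return {
        "owner_inside_group": is_allowed(grants, "alice", "modify", rg + "/vm2", t0),
        "owner_other_group": is_allowed(grants, "alice", "modify", "/sub-a/rg-db/sql1", t0),
        "owner_lookalike_group": is_allowed(grants, "alice", "view", "/sub-a/rg-web2/vm1", t0),
        "engineer_during_window": is_allowed(grants, "ms-engineer", "view", rg + "/vm1", mid),
        "engineer_outside_area": is_allowed(grants, "ms-engineer", "view", rg + "/vm2", mid),
        "engineer_after_expiry": is_allowed(grants, "ms-engineer", "view", rg + "/vm1", late),
    }
```

Because expiry is evaluated on every check, revocation needs no separate cleanup step to take effect.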
The data will only be available in Germany, and specifically in the two regions where the centers are located, Central and Northeast Germany.
There are other security measures that aim to isolate the data centers from Microsoft and from access by US agencies that may be looking for customer data stored by Microsoft.
The development of the German data centers came on the heels of a US judge's ruling that Microsoft had to turn over a customer’s email stored in Ireland. Microsoft is appealing the decision.
Data protection is a growing area of concern. Earlier this week, IBM had to bring the FBI in to arrest an employee who allegedly stole proprietary code and tried to sell it to competitors.
Jiaqiang Xu was charged with one count of theft of a trade secret in a criminal complaint filed in federal court in White Plains, N.Y. yesterday. Xu, who began working at IBM in China in 2010, had full access to the source code before voluntarily resigning in May 2014.