Since the US software group Microsoft put its two Swiss data centres into operation, the Azure services and Office 365 applications are now also available from Switzerland. The domestic location of the new Microsoft data centres is an important step for Microsoft and promises more Swissness for Swiss customers. But what is the concrete situation with data protection? And is a server location in Switzerland sufficient for this?
The most common Azure services such as computers (virtual machines), databases and web services are available in the Microsoft Cloud Switzerland. However, not all services are currently available. See here which services can already be used in Azure.
With Office 365, most data is stored in the Microsoft Data Centers Switzerland. However, some other services of Microsoft Cloud Switzerland such as Planner, Yammer or Forms still store your data in the data centers in Ireland and the Netherlands.
Storage location of the data of the various services available in the Swiss cloud from Microsoft. Source: https://products.office.com/en-us/where-is-your-data-located?geo=UnitedStates#UnitedStates / As of 31.01.2020
Microsoft itself systematically collects data on the individual use of Word, Excel, PowerPoint and Outlook. Which telemetry data Microsoft collects in the background is opaque to the user, and the data stream is also encrypted. There is also no way for the user to switch off the data collection.
This is aggravated by the fact that Microsoft, as a US company, is automatically subject to the Cloud Act of the US government.
The Cloud Act is a US law that gives the American authorities unrestricted access to data from American IT cloud providers. It does not matter where the data is effectively stored. In the event of criminal prosecution, the authorities have a free hand and do not even have to notify the data owners. Microsoft wants to defend itself against the Cloud Act and it will be seen in the future whether this will succeed.
Furthermore, some passages of the Cloud Act violate current Swiss law (e.g. Art. 6 DSG). Thus, a US Cloud Provider is in a dilemma and may violate either Swiss law (DSG) or US law (Cloud Act) or even both together.
What does this mean for you as a cloud user? Because of the Cloud Act, you cannot be sure whether, when and to what extent your data or your customers' data will be read by foreign authorities. This can be particularly problematic with sensitive data, which has high data protection requirements. This applies in particular to companies in the financial sector, legal companies, companies in the healthcare sector and government agencies. Furthermore, the DSGVO conformity of such cloud services is also questionable.
Yes, for example with the Modern Workplace of MTF Swiss Cloud. The service is offered by MTF Swiss Cloud, a completely independent Swiss company with its own Swiss data centres. If you still want to use other public cloud solutions, the MTF Swiss Cloud is fully compatible with cloud solutions from Microsoft, Google and Amazon.
With MTF Swiss Cloud, you can use Office 365 / M365 from the cloud without being subject to the Cloud Act.
The MTF Swiss Cloud offers you a fully integrated, digital workplace so that you and your team can work securely and efficiently on the road. All data can be accessed at any time and from anywhere. Open communication and innovative teamwork significantly increase flexibility and productivity. And all this with the same security and performance as in the office.