Who Owns My Data Stored on Office 365 ?

OK, so by now you have know that decided to keep your emails, photos, documents in the cloud (using Google, Microsoft, Yahoo, Amazon etc) and talking with people, one question that I get very often is "Hey, since I am keeping my files in the cloud stored in these companies machines, do they own my data now? Can they read my emails?"


I am going to address here the Microsoft point of view. Short answer: No, you still are the owner of the data. Even if they are stored in their servers.

Of course, Microsoft has a very comprehensive process to access the data stored, after all that information stored in the cloud needs to be looked after (backups, storage, etc). There is very, very, very little possibility for someone alone get their hands in your information.

For example, when you open your email or when you see a photo from your online album stored in the cloud, there is a huge amount of processing, exchange and compiling happening behind the scenes to grab your data which is spread in many locations and make it to your computer screen magically as if it was stored in your computer's local drive. If someone had access to the actual physical server where these emails or pictures are stored, it would be virtually impossible (just to not to say 100% impossible) to retrieve that same information.

That's because there is a very complicated and secure process for this to happen and the reason this process exists is to address privacy, regulations and compliance concerns of several institutions and governments. Remember: Just like regular users, Microsoft also has big organizations and even governments as clients and they store data there too.

About Data Visibility and Control

Now, let's talk about what happens when someone first moves their data to the cloud. When this happens, a key tenet of ownership is the visibility level and control that person has over their data. They are basically compost of 3 things: Being able to see the data, being able to perform actions on the data, being aware of what actions were performed on the data at any given time.


And despite these seems to be 'simple things', they are extremely complex to achieve. Nevertheless they are achieved to the perfection by the cloud team. Quite frankly, chances are your data is several times more secure in the cloud than it is in your local computer or hard disk. Want to test that theory, just ask around how many people use any encryption in their computers, mobiles, USB drives? This is a very basic test that many of us don't pass. Another one, if your computer or external disk crashes, would you recover ALL your data in less than 1 hour?

As you can see, the challenge here is because it is on you/us to define and implement consistent configuration with appropriate data access and process and distribution and backups across all your environments. This is a costly process (would you have a separate laptop 100% synchronized with your current laptop just in case it crashes?) and usually requires specialist knowledge for administration. In Microsoft Office 365, that is all baked into the service for you.

Not to mention archiving is built directly into the cloud, so you can take actions like preservation, deletion, auditing, and data loss prevention, and perform search based on who uploaded the data, who modified the data, date range, keyword etc.

To be able to viewing and perform actions on the data are extremely privileged operations and in the Microsoft cloud there are defined roles defined for a specific set of people. If you're not satisfied with it, the scope and reach of these roles can be defined the customer itself (after all, they own the data).

Feel free to share your experience with storing data in the Microsoft cloud or Office 365, or any other cloud provider company for that matter.