One of the first questions people ask about cloud computing platforms surrounds cloud data privacy.
In the case of Office 365, customers own their own data and Microsoft complies with a number of
"Though they certainly can," said Carl Brooks, analyst with Tier1 Research, a technology analyst company based in New York.
"It is something negotiated individually with Google -- and of course doesn't remove the actual fact that Google is in full control of user data," Brooks said.
Microsoft, comparatively, has worked for some time to assure customers of the cloud data privacy protection and security standards that Office 365 can meet, while maintaining a generally multi-tenant cloud service, said Wes Miller, an analyst with Directions on Microsoft, an independent analyst firm based in Kirkland, Wash.
Microsoft Office 365 customers retain all rights, title and interest in the data they store. At any time, customers can remove their data or download a copy without any assistance from Microsoft. If a customer closes their account, Microsoft provides additional limited access for 90 days to export your data.
In addition, Microsoft also undergoes third-party audits each year to prove that it complies with policies and procedures for security, privacy, continuity and data handling, the company said in an email.
The ISO 27001 security benchmark that Office 365 abides by is an example of that.
Learn more about Microsoft cloud privacy
Windows Azure cloud data privacy
Office 365 also conforms to EU Model Clauses that address international transfer of data. For companies that need to comply with the Health Insurance Portability and Accountability Act (HIPAA), Microsoft will sign requirements for the HIPAA business associate agreement. The company also offers a standard data processing agreement (DPA) to all customers, which addresses privacy, security and handling of customer data. DPA allows customers to comply with their local regulations.
Microsoft's willingness to comply with ISO, European Union Model clauses and HIPAA may make potential customers more comfortable with using its cloud-based productivity offerings.
"I have not examined their liability in the event of violating the terms of these contracts, but it is a good first step for organizations that must remain compliant to the standards themselves," Miller said.
Microsoft may also attest to certain compliance standards that many organizations -- especially smaller ones – can't afford to, Miller said.
"In some ways, while people may wag their finger at the cloud in concern about compliance and security, it's a double-edged sword," he said. "If you host Exchange, Lync and SharePoint in your own data center -- or even more likely, in a data center where you're subletting rack space -- are you more or less cautious with your data and practical about your security than Microsoft or Google, for that matter, would be?"
Additional details on Office 365 privacy can be found in the Data Portability section of the Trust Center.