[badminton1]

You cannot look at the code, and cannot monitor the infrastructure. The only thing left is trust.

Trust in the belief that Microsoft will act in your best interest regarding the privacy of your data.

But, isn't reasonable then to ask if Microsoft is actually trustworthy? PRISM, NSAKEY, Flame malware propagating via Windows Update, their 0day policy... I don't think Microsoft is trustworthy.

[willvarfar]

People choose managed services all the time.

If you worry about interception, then code inspection and monitoring isn't going to give you any assurances. You'd have to run open-source software locally, audit it, and not put it on a cloud like Azure in the first place?

(And the NSAKEY was something completely different if you dig into it.)

[badminton1]

Using a service means trusting a service. Nothing wrong with either, it's a decision up to the consumer.

I am just saying, in this specific case, should you trust Microsoft with your data? That's all.

[itaysk]

https://www.microsoft.com/en-us/TrustCenter/Privacy/default....

If you don't trust MS you can trust one of the organisations that certified them for the strictest compliance and regulations in the public cloud space.

[badminton1]

Sounds good. But how do you exactly verify those claims? Again, you can't. You are back to square 1: trusting Microsoft acts in good faith and acts in your best interest.

[EpicEng]

How do you verify that a doctor is making the right call re how to treat your cancer? You either become a doctor yourself, or trust that they know what they're doing.

[badminton1]

And what if a doctor has a controversial reputation?

[willvarfar]

Well, do you trust Amazon, Google, Oracle or Rackspace? How about your local mum pop hosting provider? How is Microsoft different?

[badminton1]

A track record of backdooring everything that can be backdoored.