[lars-b2018]

It can really come down to a business case. What are the chances or risk of a virus or ransomware occurring? And what are the potential costs and challenges of dealing with that? If I can reduce my exposure to information, legal and operational risk, which is hard to directly quantify and yet is ever-present, plus some anticipated reduction in operating expenses, it can start to look good for a large portion of businesses with office operations.

[basch]

Which is exactly why "but mah data" is less about privacy in an enterprise world, and more about standardization and portability. Owning your data in the enterprise context means being able to ship it around it a reusable way, and not some proprietary Microsoft blob that will never work anywhere else, or having it scattered across a million APIs with a million different schemas with zero tools to grab it all at once.

The risk is less Microsoft ever reading your data and more never being able to divorce them at a later date. Entrenchment.

Those are problems that exist similarly whether youre in the cloud, or something on prem that you bought, built or customized.

Conversely, for anyco without good hygiene, standardized process, discipline, and respect for keeping things tidy, out of the box cloud process can be a godsend. It's not just minimization of risk, but built in architecture and integration and flow, which in and of itself can be more important than product features.