IBM Cloud wants to make sure that what happens in Germany stays in Germany, at least as far as its European customers' data is concerned. Starting next month, the cloud provider will institute new security measures at its Frankfurt data center that will restrict access to all data stored in the facility to EU-based IBM employees. These employees will also review, approve, or deny all access by non-EU-based employees.
In addition, clients using IBM Cloud’s dedicated environments in Frankfurt will review and approve all non-EU access requests to their content whenever an issue, support or otherwise, requires such access. In those cases, access will be temporary, and the client will be notified when the access is ended. Logs tracking access will be available to the client.
Over time, the company said, this support model will be expanded to include IBM's full cloud architecture stack in Frankfurt, taking in infrastructure, AI, data, analytics, DevOps, and more. Beginning in 2018, German users will be offered full encryption -- at rest and in transit -- with keys that will remain in possession of the customer.
Reading between the lines, this means that Big Blue has all but locked access to client accounts on Frankfurt servers for everyone outside Europe, including its own employees in the US.
The reasons behind this action go back to the days when Edward Snowden first revealed alleged spying by the US National Security Agency on foreign governments and businesses, and include more recent efforts by the US Department of Justice to require Microsoft to turn over emails being held on a server located in Ireland to federal authorities.
In the latter case, although an appeals court agreed with Microsoft's position that neither federal nor state law enforcement can use search warrants to seize data from non-US citizens that is located in data centers outside the US, the feds appealed, and in October the Supreme Court agreed to hear the case.
This has been cause for concern for users across the globe who are using cloud services owned by US-based companies, with concern being especially high in Germany after Snowden revealed the NSA had not only hacked German-based businesses but had eavesdropped on and recorded the phone calls of Chancellor Angela Merkel and other top German officials.
Big Blue already appears to be in compliance with Germany's tough data retention laws, which require much data collected by businesses to be stored within the country.
"IBM complies with the data privacy laws in all countries and territories in which it operates," it said in a statement announcing the policy change issued Wednesday. "IBM was an early leader in developing and adopting the European Union Data Protection Code of Conduct for Cloud Service Providers for several offerings, securing certification under the US-EU Privacy Shield and the APEC Cross-Border Privacy Rules."
Microsoft has already taken steps to ensure that its customers in Germany are protected if US courts greenlight the use of warrants to grab foreign-owned data from US-owned facilities overseas. In 2015 Redmond named T-Systems, Deutsche Telekom’s corporate customer unit, its "German Data Custodian," which controls access to customer data and supervises access to the infrastructure of Microsoft Azure's Germany-based data centers.
In preparation for the IBM Cloud policy change, Big Blue has been adding manpower to its EU support teams in order to provide 24x7 support. It currently has 16 data centers in the EU, located in France, Germany, Italy, the Netherlands, Norway, Spain, Switzerland, and the UK.
"These new EU-based employees bolster IBM technical expertise and client success staff across Europe to deliver a robust, always-on client experience that is designed to meet the needs of today’s global businesses," the company said. "This added benefit is provided at no additional charge to EU clients."
IBM also said that it intends to expand these changes to other markets where users face regulatory pressures in the future.