At the Worldwide Partner Conference (WPC) last month in Orlando, we heard many of the same grumblings we've been hearing about Microsoft for years now: They don't care about on-premises servers. They're leaving IT administrators in the dust and hanging them out to dry while forcing Azure and Office 365 content on everyone. They're ignoring the small and medium business.
It's hard to ignore this trend. It's also true that the cost-to-benefit ratio continues to decrease to the point where common sense favors moving many workloads up to the cloud where you can transform capex and personnel expense to opex that scales up and down very easily.
But SharePoint Server is such a sticky product with tentacles everywhere in the enterprise that it may well be the last great on-premises application. Let's explore why.
The cloud simply means someone else's computer
One clear reason is that SharePoint, for so many organizations, hosts a large treasure trove of content, from innocuous memos and agendas for weekly staff meetings to confidential merger and acquisitions documents. In most organizations, human resources uses SharePoint to store employee compensation analysis data and spreadsheets; executives collaborate within their senior leadership teams and any high-level contacts outside the organization on deals that are proprietary and must be secured at all times; and product planning and management group store product plans, progress reports and even backups of source code all within SharePoint sites and document libraries.
No matter how secure Microsoft or any other cloud provider claims it can make its hosted instances of SharePoint, there will always be that nagging feeling in the back of a paranoid administrator's head: Our data now lives somewhere that is outside of my direct control. It's an unavoidable truth, and from a security point of view, the cloud is just a fancy term for someone else's computer.
Not even Microsoft claims that every piece of data in every client tenant within SharePoint Online is encrypted. Custom Office 365 offerings with dedicated instances for your company can be made to be encrypted, and governmental cloud offerings are encrypted by default, but a standard E3 or E4 plan may or may not be encrypted. Microsoft says it is working on secure defaults, but obviously this is a big task to deploy over the millions of servers they run.
Nothing is going to stop the FBI, the Department of Justice, the National Security Agency or any other governmental agency in any jurisdiction from applying for and obtaining a subpoena to just grab the physical host that stores your data and walk it right out of Microsoft's data center into impound and seizure. Who knows when you would get it back? Microsoft famously does not offer regular backup service of SharePoint, relying instead on mirror images and duplicate copies for fault tolerance, and it's unclear how successful you'd be at operating on a copy of your data nor how long it would take to replicate that data into a new usable instance in the event of a seizure.
Sign up for MIS Asia eNewsletters.