Luca Bongiorni, a security advisor for Bentley Systems was both annoyed and surprised that a Canonical salesperson had tracked him down on a completely distinct service and had knowledge that he had just spun up an Ubuntu Linux 18.04 instance on the Microsoft Azure Cloud.
Bongironi’s upset went big when the globally popular Amazon Web Services (AWS) blogger and Chief Cloud Economist at the Duckbill Group Corey Quinn called Microsoft out for sharing their client’s data tweeting,
@azure had a GOLDEN chance to draw a ‘we don’t mine your data, we don’t compete with you, WHO KNOWS what @GCPcloud and @awscloud do with your private cloud data!’ Rather, they legit did specifically what their rivals don’t, however, we bother about.
Bongironi requested Microsoft regarding this incident to which the company replied,
At Microsoft, customer’s privacy and trust are of topmost preference. We don’t sell any data or information to third-party companies and solely share the client information with Azure Marketplace publishers when clients deploy their product, as described in our Terms and Conditions. Our terms with our publishers enable them to offer clients with implementation and technical support for their products but limit them from utilizing contact details for marketing purposes.
Regarding to this incident, Canonical replied,
According to the Terms and Conditions of Azure, Microsoft shares with Canonical, the publisher of Ubuntu, the contact information of developers deploying Ubuntu instances on Azure. These contact information are held in Canonical’s CRM as per privacy rules. On February 10th, a new Canonical Sales rep reached one of these developers through LinkedIn, with a poor choice of word. Considering this incident, Canonical will be examining its sales training and policies.
However, Bongiorni doesn’t hold responsible the Canonical sales representative. “He just did what he has been told to do. The problem is with upper management I suppose.”
Bongiorni stated that he won’t be spinning any further instances of anything on Azure and will be considering taking his work to a European-based closed provider to ensure that there will be more clarity and more GDPR openness.
Are you looking for more security updates? Subscribe to our newsletter for the latest security news right from the security and research industries.