*(resend due to forgetting to remove the quoted content and thereby blowing the post size limit)*
Chaps, thanks for the great comments on this. I've forwarded a paste-up of the important parts to the person I'm working with on the hospital data. Next time I talk to someone who manages web servers or an IT department and I get the old argument that they don't trust putting data in the cloud, I'm gong to ask them to explain to me what their policies are regarding backups, security defense, threat models, intrusion detection, etc, and what skills they have. When I get a confused and indignant reply I can take the high ground in the argument and borrow some points from what Greg L said. Now that we know that major governments and security services are spying on us by devious means, I guess there's nothing you can do against that (or a court order) without politicians getting involved. However, that's not a typical threat to a business application containing personal information. Hospitals aren't worried about ASIO stealing their databases, they're worried about complying with state and federal laws, and from what I've read so far, Azure management seem to be working hard to build trust in this area. I'm certainly feeling much more confident about Azure security after what I've read in the last couple of days. I'm going to continue to develop the demo in Azure anyway, as it's really convenient. *Greg K*
