I can’t remember them saying there is a threat, or mentioning what it is. I only heard them saying marketing BS about how safe my data will be on their servers.
I doubt that any of them will ever publish their most detailed threat models.
If I had to guess, I would say the most likely threat is nosy or corrupt staff.
Protecting a key server is easier than protecting tens of thousands of servers and physical disks.
Legal requirements are not necessarily baseless either. They are in place to protect someone against something.
The data I have on these cloud services is extremely sensitive. All my identity documents, proof of address, examples of my signature, financial data, health data, etc. If someone were to get hold of these documents, they could steal all my money, my identity and make life hell for me.
I don’t think there’re such attack vectors. The reasons MS doing that with the data of their business customers are legal, not technical.
They keep medical data, legal data, government data for many jurisdictions around the world. Before doing that, they had to comply with FIPS 140-2, HIPAA, and a whole bunch of others: https://products.office.com/en-us/business/office-365-trust-...
> if all these companies say there is a threat
I can’t remember them saying there is a threat, or mentioning what it is. I only heard them saying marketing BS about how safe my data will be on their servers.