6533b828fe1ef96bd128839c
RESEARCH PRODUCT
Is My Office 365 GDPR Compliant? : Security Issues in Authentication and Administration
Tessa ViitanenNestori Syynimaasubject
ta113Computer scienceinformation securityOffice 365Microsoft OfficeComputer securitycomputer.software_genreAuthentication (law)pilvipalvelutGDPRtietoturvacomputerAdministration (government)Azuredescription
The General Data Protection Regulation, commonly referred as GDPR, will be enforced in all European Union countries in May 2018. GDPR sets requirements for processing EU citizens’ personal data regardless of the physical location of the organisation processing the data. Over 40 percent of European organisations are using Office 365. Microsoft claims that Office 365 service is GDPR compliant, and has provided tools to help Office 365 customers to ensure their GDPR compliancy. In this paper, we present some security issues related to the very foundation of Office 365 service, namely Azure Active Directory and administrative tools, and assess their GDPR compliancy. Our findings reveal that personal data stored in Office 365 is subject to undetectable security breaches, preventing organisations to be GDPR compliant. We also propose actions to take to minimise the impact of the security issues. peerReviewed
year | journal | country | edition | language |
---|---|---|---|---|
2018-01-01 |