Brown’s Bytes – GDPR & Office 365 – Things Just Got Interesting!

Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes

16th November 2018

Just a quick update this week as I am mainly working on my slides for our VIEW event next week!

I have been banging the drum for a while now about how all organisations are being led, at some point, by Microsoft towards Office 365. A lot are already there, and for the remainder it’s increasingly now a question of when, not if, they migrate.

In the background there has also been that little item called GDPR. Microsoft provide a wealth of information on how to ensure you can stay compliant with GDPR when using their cloud stack.

Rather embarrassingly this week, the Dutch government have released a report raising eight issues with Office 365 in relation to GDPR and that their investigators had found “large scale and a covert collection of personal data”. That’s a pretty serious accusation and you really do need to read into the detail to see that – as always – it is a bit more nuanced than the headline suggests. Worth considering all the same.

It has perhaps felt that things had quietened down on the GDPR front recently, but that’s really just the deadline passing and the next phase starting. It is now that the serious work starts, with investigations into data breaches having already been reported and it’s not a major surprise to me that EU governments are going to be picking over large US technology vendors looking for a big scalp.

In fairness to Microsoft I am sure they will remediate the issues listed. A quick scan of their GDPR page shows they take it very seriously and it’s reported they’ve apparently addressed two of the issues raised by the Dutch government already with a “zero exhaust” setting. What a great name – who knew that clouds had exhausts!!??

The key point here is really to constantly keep an eye on cloud security. A bit like with GDPR, it’s important that you don’t just review security at the time of adoption but build continuous evaluation into your processes once deployed. The risk with cloud services is that the features available change over time. In many cases this is a massive benefit – new features for zero extra cost or effort can be a real bonus. But remember these need to be security reviewed even if you don’t think you will use them… it’s your data that these features will interact with.

Get in touch if you need to discuss Office 365 security in more detail, or hopefully ask me in person when you come to VIEW next week… see you there!

Oh, and make sure you check your Zero Exhaust setting!