Is My Office 365 GDPR Compliant? : Security Issues in Authentication and Administration
Syynimaa, N., & Viitanen, T. (2018). Is My Office 365 GDPR Compliant? : Security Issues in Authentication and Administration. In S. Hammoudi, M. Smialek, O. Camp, & J. Filipe (Eds.), ICEIS 2018 : Proceedings of the 20th International Conference on Enterprise Information Systems. Volume 2 (pp. 299-305). SCITEPRESS Science And Technology Publications. https://doi.org/10.5220/0006770602990305
Date
2018
Copyright
© Syynimaa & Viitanen & SCITEPRESS, 2018.
The General Data Protection Regulation, commonly referred to as GDPR, will be enforced in all European Union
countries in May 2018. GDPR sets requirements for processing EU citizens’ personal data regardless of the
physical location of the organisation processing the data. Over 40 percent of European organisations are using
Office 365. Microsoft claims that Office 365 service is GDPR compliant, and has provided tools to help Office
365 customers to ensure their GDPR compliancy. In this paper, we present some security issues related to the
very foundation of Office 365 service, namely Azure Active Directory and administrative tools, and assess
their GDPR compliancy. Our findings reveal that personal data stored in Office 365 is subject to undetectable
security breaches, preventing organisations from being GDPR compliant. We also propose actions to take to
minimise the impact of the security issues.
Publisher
SCITEPRESS Science And Technology Publications
Parent publication ISBN
978-989-758-298-1
Conference
International Conference on Enterprise Information Systems
Is part of publication
ICEIS 2018 : Proceedings of the 20th International Conference on Enterprise Information Systems. Volume 2
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/27977387