cross-posted from: https://lemmy.ml/post/13035348

Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.

The EDPS has found that the Commission has infringed several provisions of Regulation (EU) 2018/1725, the EU’s data protection law for EU institutions, bodies, offices and agencies (EUIs), including those on transfers of personal data outside the EU/European Economic Area (EEA).

  • a4ng3l@lemmy.world
    4 months ago

    There goes my week and prolly the whole year… I look forward to the internal assessment at my job but chances are local authorities will follow on this and the implications are crazy. At first read it puts the bar sooooo high on several principles that basically no existing IT-intensive business will have a chance to survive a similar audit.

    • troed@fedia.io
      4 months ago

      The EU has made it very clear for a while now that European organizations cannot rely on American clouds or SaaS-providers. It’s perfectly possible to go without - it just means a lot of IT-orgs who have relied on having a career “in Microsoft” need to update their skillset.

      • a4ng3l@lemmy.world
        4 months ago

        « Perfectly possible » but at what cost and with what compromises though? Not specifically looking at Microsoft - the same would apply to similar products. Also a lot of the blame is on the Commission itself and the lack of controls over its data - which also has nothing to do with where it’s being processed. Even if you do 100% in EU with open source software you can still fail many of the controls if you don’t track your data, have appropriate documentation to demonstrate it, did the required assessments… and those expectations are what bit them in the ass I think. And likely it will bite a lot of other actors that aren’t putting much effort in the same.

        • admiralteal@kbin.social
          4 months ago

          Out of curiosity, which specific MS product is the one you see as most valuable / hardest to do without for IT security?

          I can’t imagine it’s Word or Excel or anything document-centric. That’s what most people think of when they think of MS Office, but in this day and age there are plenty of totally serviceable alternatives. This from someone who both freely admits MS Word is the best WYSIWYG editor and still refuses to use it. The sharing/collaboration stuff is pretty tight with MS Office, but my experience is that most people don’t use it and just email around attachments even though it makes more savvy people want to pull their hair out.

          I have to assume Outlook’s the big boy, right? Email & sync? And then, I assume, there’s a lot of cloud services that typical end users don’t even know are there?

          • MonkderZweite@feddit.ch
            4 months ago

            > Out of curiosity, which specific MS product is the one you see as most valuable / hardest to do without for IT security?
            >
            > I can’t imagine it’s Word or Excel or anything document-centric. That’s what most people think of when they think of MS Office, but in this day and age there are plenty of totally serviceable alternatives.

            You’ll be surprised. Company documents are usually all made in the shitty format that only really works in MS Office.

            And of course MSO doesn’t even provide .NET components so someone could create a converter tool using MSO, you have to work around it or use LibreOffice’s soffice command, which provides limited support for proprietary MSO features. Don’t tell me that’s not on purpose.

          • a4ng3l@lemmy.world
            4 months ago

            I haven’t mentioned IT security at all, have I?

            A lot of businesses (including my current employer) seem to enjoy the integrated ecosystem offered by MS, from the Office suite to SharePoints to mail indeed, with a sprinkle of Power BI and the form thingy.

            You can replicate all that but it is absolutely not trivial. And the end user also typically will find it less easy to interact with all the pieces.