Cyber security leader Symantec on Wednesday announced new enhancements to its Data Loss Prevention (DLP) technology to protect information in Office 365.
With Symantec DLP, data is protected whether at rest or in transit — on-premises or in the Cloud — and everywhere it flows through a single management console, the company said in a statement.
“As enterprises migrate to Office 365 and other Software-as-a-Service (SaaS) applications, they risk a huge potential of data loss, which is made even more complex in the face of increasing data regulations such as GDPR,” said Nico Popp, Senior Vice President of Information Protection, Symantec.
Monitoring and protecting data in the Cloud generation is a complex task, and EU’s General Data Protection Regulation (GDPR) and other similar privacy regulations have further raised the stakes on data security, privacy and compliance.
Enterprises are rapidly adopting SaaS applications, including Office 365, that require data to continuously move between endpoints, Cloud and third parties such as partners, vendors or contractors, said Symantec.
In a first such case globally, schools in Germany have banned the use of Microsoft Office 365, after a data privacy authority for the state of Hesse ruled that using the popular software exposes personal information of students and teachers “to potential access by US authorities”.
“The use of Microsoft Office 365 in schools is illegal under data protection law, as far as schools store personal data in the European cloud,” said the ruling by Michael Ronellenfitsch, the Hesse Commissioner for Data Protection and Freedom of Information (HBDI).
In declaring that Windows 10 and Office 365 is not compliant with EU General Data Protection Regulation (GDPR) for use in schools, this development ends years of debate over whether “schools can use Microsoft’s Office 365 software in compliance with data protection regulations”.
The Hesse Commissioner has suggested schools to switch to similar applications with on-premise licenses on local systems.
Microsoft said it looks forward to working with the Hesse Commissioner to better understand their concerns.
“When Office 365 is connected to a work or school account, administrators have a range of options to limit features that are enabled by sending data to Microsoft. We recently announced based on customer feedback, new steps towards even greater transparency and control for these organizations when it comes to sharing this data,” a Microsoft spokesperson told Arstechnica in a statement.
For years, there has been a discussion in Germany about whether schools can use Microsoft’s Office 365 software in compliance with data protection regulations.
In August 2018, Microsoft announced to the public that for the Germany cloud contracts are no longer offered and the distribution of this product is discontinued.
Since then, the data protection authority asked a large number of teachers and school administrators, as well as school authorities, to use Office 365 in the European cloud.
“With the use of the Windows 10 operating system, a wealth of telemetry data is transmitted to Microsoft, whose content has not been finally clarified despite repeated inquiries at Microsoft. Such data is also transmitted when using Office 365. Also, the digital sovereignty of state data processing must be guaranteed,” said HBDI.
The authority said what is true for Microsoft is also true for the Google and Apple cloud solutions.
“The cloud solutions of these providers have so far not been transparent and comprehensible set out. Therefore, it is also true that for schools the privacy-compliant use is currently not possible,” said HBDI. (IANS)