29 August 2019

190829 GDPR, Outsourcing and Microsoft Office 365 banned in German schools

190829 GDPR, Outsourcing and Microsoft Office 365 banned in German schools
=======================================================================

Recently in July 2019, German state authorities banned using of Microsoft Office 365 due to privacy concerns and security issues.
Microsoft answer and promise of moving cloud data from servers outside EU to others inside EU space is just a gimmick to circumvent recent GDPR legislation.

Why?

The proof is the quite recent scandal from Sweden, where internal databases of Transportation Ministry (Transport Styrelsen) and private sensitive data where accessed of unverified and unauthorised personal of IBM Romania in Bucharest.

How it happened? 
Simple. 
"Greed", "Cut costs", "Outsourcing" and "Cloud computing and storage" are the answers.

Transportation Ministry (Transport Styrelsen) has outsourced the maintenance of its databases to IBM Sweden in Stockholm.
Via IBM intranet, all sensitive data was accessible worldwide.

The mechanism is identical in Germany and in rest of Sweden, where any state authority or private company has outsourced its internal IT services and maintenance.
Technically inside affected customer, is drawn a physical paralel cabled network directly coupled/mapped to intranet of the external international company responsible for outsourcing services, circumventing totally actual EU GDPR legislation and compromising internal security of affected customer.
Or direct VPN links are established between intranet of company responsible for outsourced services and intranet of the customer.

The common element is one: all companies responsible for outsourcing services are located in USA.