Developments like working from home and other remote work models have made access to data from different devices and locations indispensable. Whether it’s e-mails, photos in the cloud, or work on shared documents, the synchronization of this data makes our everyday lives much easier. However, as soon as access credentials and data are transferred to third-party servers, there is an often underestimated risk of losing control of sensitive information.
A recent example of this is the new desktop version of Microsoft Outlook, which has been gradually released since 2023. Now when you use this popular e-mail program, the access information for e-mail accounts is sent to Microsoft and Microsoft can download and process messages. This means that control of sensitive information is no longer exclusively in the hands of the users and the e-mail provider. Instead, a third party has access to confidential data and personal communications. Although this topic is not new, it is becoming increasingly important due to the growing dependence on cloud services and the increasing concerns of data protection officers. This becomes particularly problematic if private individuals or companies are contractually or legally obligated to keep this data confidential.
How the flow of data through Outlook is changing
Normally, log-in data and e-mails are only shared between the e-mail program (such as Outlook) on the user’s device and the e-mail provider’s server, where the e-mail is stored (such as Hostpoint).
The e-mail program accesses the e-mails on the provider’s server using, for example, IMAP (“Internet Message Access Protocol”) and displays a copy on the user’s device. When IMAP is used, the e-mails normally stay stored on the e-mail provider’s server. This makes it possible to access them from different devices without difficulty. Together with encryption (SSL/TLS), this ensures that communication between the end device and the server is protected from access by unauthorized third parties.
What is changing in the new version of Outlook? The key aspect of Microsoft’s new Outlook is that the application is no longer run locally on user devices, but in the cloud by Microsoft.
To make this work, all data, including e-mails, passwords, and your behavior data, first needs to be directed through Microsoft’s servers and centrally stored there. This means that Microsoft has direct access to all this data, which has not been the case with the conventional IMAP/SMTP setup in the past.
It’s particularly problematic that this fact was not communicated to users in a clear and transparent way, even when asked. Currently, this process cannot be changed or circumvented in Outlook, limiting control over highly sensitive data.
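When mail access is routed through a third party's servers as described above, the mailbox operator can look for successful IMAP logins that arrive from outside the networks its users normally connect from. The following is an added example, not part of the original article: it assumes Dovecot-style `imap-login` log lines, and the sample lines, addresses and the `EXPECTED_NETWORKS` allowlist are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample lines in Dovecot's imap-login syslog format
# (all addresses are from the documentation ranges).
SAMPLE_LOG = """\
Jan 10 08:01:12 mx dovecot: imap-login: Login: user=<anna@example.ch>, method=PLAIN, rip=192.0.2.15, lip=198.51.100.2, mpid=4101, TLS, session=<a1>
Jan 10 08:05:40 mx dovecot: imap-login: Login: user=<ben@example.ch>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.2, mpid=4102, TLS, session=<b1>
Jan 10 09:14:03 mx dovecot: imap-login: Login: user=<anna@example.ch>, method=PLAIN, rip=203.0.113.44, lip=198.51.100.2, mpid=4188, TLS, session=<a2>
Jan 10 09:14:09 mx dovecot: imap-login: Login: user=<anna@example.ch>, method=PLAIN, rip=203.0.113.45, lip=198.51.100.2, mpid=4189, TLS, session=<a3>
Jan 10 09:30:00 mx dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<ben@example.ch>, method=PLAIN, rip=203.0.113.9, lip=198.51.100.2, TLS
"""

# Matches successful logins only; captures the account and the remote IP (rip).
LOGIN_RE = re.compile(
    r"imap-login: (?:Info: )?Login: user=<([^>]+)>.*?\brip=([0-9a-fA-F.:]+)"
)

# Assumption: the networks the organisation's own devices connect from.
EXPECTED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def unexpected_logins(log_text, expected=EXPECTED_NETWORKS):
    """Map each account to the source IPs of successful logins outside `expected`."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        match = LOGIN_RE.search(line)
        if not match:
            continue  # failed attempts and unrelated lines are ignored
        user, rip = match.groups()
        try:
            addr = ipaddress.ip_address(rip)
        except ValueError:
            continue  # malformed address field
        if not any(addr in net for net in expected):
            hits[user].add(str(addr))
    return {user: sorted(ips) for user, ips in hits.items()}


if __name__ == "__main__":
    for user, ips in unexpected_logins(SAMPLE_LOG).items():
        print(f"{user}: logins from unexpected sources {', '.join(ips)}")
```

A hit only says that the credentials were used from an unfamiliar network; attributing the source address to a particular operator requires a separate lookup of that address.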
Risks of central storage
Many users and IT workers must now consider what risks are posed by disclosure of this access data to third parties and by storage of the data by these third parties.
One of these risks relates to the servers and security architecture of large enterprises and international companies in sectors like finance, healthcare, and technology. As these businesses often store large quantities of sensitive data, they are not only attractive targets for cyber criminals, but may also (depending on the industry) be legally obligated to implement special data protection measures. If a third-party provider obtains access to sensitive access data and e-mails, this provider becomes an additional potential target for attacks and data breaches.
“The safest way to protect data from misuse is not to collect it. Applied to e-mails, this means not giving third parties unnecessary access.”
Particularly unpleasant and complex legal uncertainties arise due to the conflict between the domestically binding Swiss Federal Data Protection Act (FADP) and the US CLOUD Act, which applies to American companies.
The FADP protects individuals and their data in Switzerland. It imposes a high standard on companies for handling of personal data. This is true of both Swiss companies and American ones if they are operating on the Swiss market. Under the CLOUD Act, US authorities can demand that American companies surrender data regardless of where the data is stored or what laws apply at this location. This applies to data collected and stored by US companies in Switzerland or in the EU.
The fast track to Swiss data protection
With E-mail & Cloud Office, Hostpoint offers a comprehensive solution that meets the highest security standards. A significant benefit is storage of all data in Switzerland, free from access by uninvolved third parties. This not only guarantees compliance with strict data protection laws, but also protects the data against access by external companies and foreign authorities.
On top of that, our Cloud Office offers a user-friendly platform including not only the classic e-mail service, but also calendars, address books, and generous drive storage for synchronization and management of data. These functions can be used as an individual or in a team without the data ever leaving secure servers in Switzerland.
Companies that must comply with statutory regulations benefit from additional security thanks to storage in a FINMA-certified computing center. Your data is not analyzed and “evaluated” for advertising or other purposes, which is the case for many (especially free) e-mail providers.
And if you have questions or experience difficulties, Hostpoint offers free support in four languages seven days a week by e-mail and telephone.