CCC - Security Concerned Queries on Outlook Integration
Summary:
• As per method suggested in the document, the API permission required for the app that need to be registered on Azure AAD would have read/write access to all mailboxes in ITC. Since Oracle Cloud will have the rights to call that API, what controls are being considered to restrict such API call for identified Hotels users only and not the mailboxes of every user in ITC.
• As per the organization policy , e-mail & related data shall not be accessible from the outside of ITC network. But, using the proposed Outlook Add-in, organization E-mail ,Contacts , Calendar etc. shall be synced with Oracle CRM portal & such portal is accessible from anywhere. Subsequently, the e-mail , contacts etc. can be downloaded outside of ITC network . So, organization data espionage can be highly possible with this described data channel between Outlook & Oracle CRM. Please clarify this issue & also let us know if the necessary approvals have been obtained duly explaining such risks of