close
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
          Experience Netskope
          Get Hands-on With the Netskope Platform
          Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            A Leader in SSE. Now a Leader in Single-Vendor SASE.
            Netskope debuts as a Leader in the Gartner® Magic Quadrant™ for Single-Vendor SASE
              Securing Generative AI for Dummies
              Securing Generative AI for Dummies
              Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
                Modern data loss prevention (DLP) for Dummies eBook
                Modern Data Loss Prevention (DLP) for Dummies
                Get tips and tricks for transitioning to a cloud-delivered DLP.
                  Modern SD-WAN for SASE Dummies Book
                  Modern SD-WAN for SASE Dummies
                  Stop playing catch up with your networking architecture
                    Understanding where the risk lies
                    Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
                        Netskope One Private Access is the only solution that allows you to retire your VPN for good.
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                          Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
                            Netskope GovCloud
                            Netskope achieves FedRAMP High Authorization
                            Choose Netskope GovCloud to accelerate your agency’s transformation.
                              Let's Do Great Things Together
                              Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
                                Netskope solutions
                                Netskope Cloud Exchange
                                Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
                                  Netskope Technical Support
                                  Netskope Technical Support
                                  Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
                                    Netskope video
                                    Netskope Training
                                    Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.

                                      It’s time to take GDPR seriously

                                      Mar 14 2017
                                      Tags
                                      Cloud Best Practices
                                      Cloud Security
                                      Compliance
                                      GDPR
                                      Tools and Tips

                                      The EU General Data Protection Regulation (GDPR) aims to better protect the privacy of personal data for EU citizens. It’s considered the world’s most significant — and aggressive — data privacy law to date, and, with just over a year until it goes into effect in May 2018, it’s time for businesses to start taking it seriously.

                                      Here’s why: it affects businesses in nearly every country in the world. Any company that markets goods or services to EU residents is subject to the GDPR, regardless of where it is located. Companies that violate this regulation can face charges of up to €20 million or four percent of their global revenue, whichever is greater.

                                      To give an example of the impact of the regulation, consider these hypothetical fines that could come from failure to comply:

                                      • General Mills -$164 million
                                      • Apple – $8.6 billion
                                      • HP – $1.9 billion.

                                      These numbers are staggering and should serve as a wake-up call for businesses to start taking steps toward compliance.

                                      Here are a few important steps to take in order to ensure companies are heading in the right direction.

                                      First and foremost, educate your employees.

                                      Our survey at this year’s RSA conference found that 51% of respondents have never even heard of the GDPR, and only 9% have detailed knowledge of the regulation. What’s more, 75% of respondents stated that their employer has neither informed them about GDPR, nor how the regulation might affect work processes. Only 9% stated that their company has offered plenty of information.

                                      These numbers are concerning, and prove that companies aren’t taking the regulation seriously enough. Businesses must educate their employees about the regulation, and how it affects not only company data, but the personal data they share through their devices and the cloud services they use.

                                      On that note…

                                      Know the cloud services used within your organization

                                      Our RSA survey also found that businesses severely underestimate the number of cloud services in use in their organization – over half (53%) of respondents estimated that there are less than 100 cloud services in use. In reality, this number is over ten times higher – our January Netskope Cloud Report found that enterprises are now using, on average, a total of 1,031 cloud services.

                                      Even more concerning, 94.8% of cloud services  are not enterprise ready, meaning they lack necessary security controls.,Because many companies lack visibility into their cloud service  environment, this is an important next step in moving toward GDPR compliance.

                                      Above all, remember this: you’re only as secure as your knowledge of your cloud service ecosystem. If one of your employees is using an unsanctioned, non-GDPR-compliant cloud service, your organization is at risk of failing to comply.

                                      Know what data is in the cloud, both corporate and personal


                                      It’s important that enterprises are aware of both the cloud services in their environment and the data resident in those services.. This is not just limited to corporate data, but also to personal data (e.g., a user’s PHI, PII). One challenge for organizations is that many, if not most, personal data for which the organization is legally responsible are found in emails and unstructured content like documents that are stored  in cloud services not sanctioned by IT. The data are then downloaded and stored on mobile devices and shared with others outside the company, taking it out of the IT department’s direct control.

                                      To become compliant, organizations must have insight into which personal data are processed by users and cloud services, prevent personal data from being stored in ways that violate security policies, and protect personal data when stored or processed through cloud services. Companies will need to implement measures to bring such cloud services under the visibility and control of the organization.

                                      Make sure your cloud services are GDPR ready

                                      Businesses have a long way to go before their cloud services are GDPR-ready. The January Netskope Cloud Report found that 66% of all cloud services do not meet the threshold for GDPR compliance, meaning they lack proper residency, privacy, and security controls to meet the requirements of GDPR. This percentage has decreased from the 75% we found in our June 2016 Cloud Report, but it’s a staggering number given the regulation goes into effect in just over a year.

                                      Digging in further, the January report found that 82% of cloud services do not encrypt data at rest, 66% do not specify that their customers own the data in their terms of service, and 42% do not allow administrators to enforce password controls. Because these features are all required for full GDPR compliance, this is a problem that businesses must address if they want to avoid fines.

                                      Whether you’re a European organization or a multi-national organization with European customers, the GDPR will have major effects on your approach to and use of the cloud. Having visibility into and control of your data are key ingredients in taking steps toward compliance in the coming fourteen months.

                                      Stay informed!

                                      Subscribe for the latest from the Netskope Blog