Does it feel like you’re herding cats when it comes to managing app use within your organization? Well, you’re definitely not alone.
Our research revealed that, worryingly, 29 percent of respondents said they were aware employees use ‘some’ or ‘many’ unauthorized cloud apps within the business. Adding to that, 6 percent said they didn’t know what cloud apps were being used and 8 percent didn’t know how to answer the question. Combining these figures, that’s nearly half of respondents who either know for sure that employees are using unauthorized cloud apps, or have no idea whether they are… pretty depressing stuff.
With a ‘to do’ list that changes by the minute and is subject to the whims of employees and board members, it’s unsurprising that a quarter of respondents admitted they just don’t have time to police the use of cloud apps. This is despite 45 percent saying that when it comes to cloud app use, they are most concerned about security.
Only 21 percent of IT professionals in medium and large businesses felt sure they would comply with upcoming regulations, including the GDPR. That’s nearly 80 percent who are not confident of complying with the regulation in time, and 18 percent of our survey respondents said the topic of compliance ‘struck fear into their hearts,’ showing the scale of the regulatory challenge ahead for businesses.
The GDPR requires organizations actively to take measures to protect the data they hold. Companies won’t comply with the GDPR only through legal arrangements like policies, protocols and contracts. Rather, companies must take deliberate organizational and technical measures to ensure data protection and compliance in all areas. This is known as data protection by design, and goes beyond traditional security measures aimed at confidentiality, integrity and availability of the data.
The fact of the matter is that enterprise cloud apps just aren’t ready for the GDPR. The February 2016 Netskope Cloud Report found that 12.7 percent of cloud apps don’t support data portability requirements, and according to the regulation, this infringes on the rights of data subjects.
Additionally, our Cloud Report found that 43.2 percent of cloud apps keep data for longer than one week upon termination of service, going against the GDPR requirement that personal data must be deleted as soon as the purpose of use is no longer present. These two statistics alone point to the significant volume of work that lies ahead for enterprises, as well as the cloud app vendors that serve them.
Still with us? Good! Because the point of all this is that it’s one thing spouting data points highlighting the scale of the problem, and proving you’re in the same boat as others. But that’s not going to make the problem go away, or make you feel any better about it, is it?
Feeling depressed and helpless about this situation stems from a catch-22: you find yourself trapped between concerns about ensuring compliance, and at the same time you’re facing pressure from users who continue to rely on cloud apps. You’re stuck between a rock and a hard place.
Controlling and securing data in cloud apps will be absolutely central to GDPR compliance, so managing the organization’s interactions with the cloud is a good place to start. This can be achieved by:
- Discovering and monitorin