The recent European Court of Justice’s invalidation of the US-EU Safe Harbor as complying with the EU Directive on the protection of personal data is a foreboding precursor to the passing of the European Commission’s pending General Data Protection Legislation (GDPR).
Both rulings have huge implications for how businesses around the world use, store, and move people’s private data, and there’s a lot of talk out there in the media about it. But there’s something missing: what this legislation means given the uncontrolled growth of cloud apps and shadow IT.
Here’s the issue: Every line of business and every individual in every organization is using cloud apps. OK, that’s a slight exaggeration, but not by a lot. Here’s what we know. The average organization has 755 cloud apps in use (in Europe, it’s slightly lower, at 608). And we’re not talking eBay and Candy Crush.
The apps we’re talking about include finance, marketing, human resources, supply chain, customer relationship management, enterprise resource planning, and more. Every line of business has adopted or is adopting a plethora of easily-integratable, best of breed apps to address today’s productivity, workflow, and even competitive challenges. In fact, so many of our customers view these apps as critical to their new initiatives that I’d go so far as to say that any organization undergoing a new technology initiative that isn’t cloud-based is probably making a mistake.
It’s not just apps. It’s data. Last year we commissioned The Ponemon Institute to conduct a survey and develop a framework that measures the financial impact of cloud in data breaches. One of many fascinating findings is that IT and security respondents believe that they have 30 percent of their business data in the cloud (the estimate in Europe was 10 percent). Our data tell us that IT underestimates the number of cloud apps in their organization by about 90 percent. If they’re underestimating apps by that much, we believe that 30 (or 10) percent number is low too.
So with hundreds of apps and at least a third of organizations’ business data in the cloud, how can any company that does business in the European Union even THINK about complying with this legislation?
At Netskope, we have been hard at work addressing cloud security and compliance challenges, including this one. You’ll see more from us on this topic, and as the GDPR legislation gets solidified, ensure compliance using Netskope. But you can get started today; here are four practices cloud-consuming organizations can do to prepare for this legislation:
Know what cloud apps you have. Knowing what cloud apps (or “processors,” in the parlance of the pending legislation) you have running in your environment is a critical first step. You cannot begin to protect privacy data if you don’t even know where those data are being stored. If you have not performed a Cloud Risk Ass