According to the findings of the Netskope-commissioned YouGov research, which surveyed over 500 businesses, only 21% of IT professionals in medium and large businesses felt sure they would comply with upcoming regulations, including the GDPR – which is set to be finalized in Spring 2016 and enforced from 2018.
A further 21% of respondents assumed that their cloud providers would handle compliance obligations on their behalf, which is explicitly not the case, according to the wording of the GDPR. A further 18% of those surveyed admitted that the topic of compliance and regulation surrounding cloud apps “strikes fear into their hearts,” highlighting the extent of confusion and concern in light of the coming changes to the regulatory landscape.
Asked specifically about cloud app use, 29% of IT pros said that they were aware employees use ‘some’ or ‘many’ unauthorized cloud apps within the business. A tiny 7% of respondents from medium and large organizations said they had a solution in place to deal with the use of unsanctioned apps within the workplace. Cloud apps pose a particular challenge to GDPR compliance because they often create unstructured data – which are covered by the legislation, but are typically much harder for organizations to manage because of how the data are created and stored. Data are typically created by users of cloud apps such as productivity or collaboration applications, often meaning that data are stored on mobile devices and shared with others through unsanctioned applications and cloud storage. All of these data are outside the organization’s direct control, and therefore pose a serious risk to compliance with the GDPR.
The latest Netskope Cloud Report (Autumn 2015) found that the average number of cloud apps in use per enterprise in the Europe, Middle East and Africa (EMEA) region was 608, a 26% increase from the previous report. This demonstrates the huge potential for the creation of unstructured data, the management of which poses significant regulatory risk. To add to this uncertainty, 89.8% of these apps were found to be not enterprise-ready, lacking key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability and vulnerability remediation.
“The GDPR will have far-reaching consequences for both cloud-consuming organizations and cloud vendors,” said Eduard Meelhuysen, VP EMEA, Netskope. “With the ratification of this piece of legislation imminent, the race is on for IT and security teams who now have two years to comply. Although that might sound like a lengthy timeframe to complete preparations, the significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline.”
Under the GDPR, organizations must be sure that personal data are processed in ways consistent with the regulation. This means that businesses must take organizational and technical measures, beyond traditional security measures that are aimed at confidentiality, integrity and availability of the data, in order to ensure compliance with the GDPR.
“The key is to start preparations as soon as possible. The technical challenges are made even more significant by the myriad complications presented by the cloud and shadow IT, which make personal data even harder to track and control,” said Meelhuysen. “As a starting point for GDPR compliance, organizations need to conduct an audit to ensure they understand what cloud apps are in use – both sanctioned and unsanctioned – and what data are in those cloud apps.”
To help organizations with the significant technical and organizational challenges posed by the GDPR, Netskope recently launched the Netskope Cloud Compliance and Remediation Service for the EU GDPR to guide companies towards compliance.
Netskope has published an associated downloadable GDPR readiness kit full of information and best practice around achieving GDPR compliance, with specific reference to the challenges posed by cloud app use.
Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence.