Netskope Equips Organizations for EU GDPR Compliance with Specialized Cloud Risk Assessment and Professional Service

Netskope
November 19, 2015 Los Altos, Calif.

Company also provides complimentary GDPR readiness kit with white paper, compliance checklist, webinar, and in-person seminar workshops

Netskope, the leading cloud access security broker, today announced the availability of two services designed to help organizations comply with the upcoming European Union General Data Protection Regulation (GDPR): the Netskope Cloud Risk Assessment for the EU GDPR and the Netskope Cloud Compliance and Remediation Service for the EU GDPR.

The Netskope Cloud Risk Assessment for the EU GDPR will provide a one-time overview of all of the cloud apps in use across an organization’s network, assess the enterprise-readiness and likely compliance of those apps with the pending regulation, offer specialized reports that map to the regulation’s key principles, and provide policy recommendations to mitigate risk and bring the organization’s cloud usage into compliance with the current draft of the regulation.

The Netskope Cloud Compliance and Remediation Service for the EU GDPR will help organizations build a compliance program and implement security policies and workflows for their enterprise information security teams to manage ongoing compliance with the regulation. The service is customized for each organization based on their existing workflows and technologies, with special consideration for the GDPR compliance requirements relating to cloud services.

In addition to these new services, Netskope today also announced a GDPR Readiness Kit, a collection of complimentary resources designed to help organizations achieve GDPR compliance. Those resources include an in-depth white paper detailing the pending legislation and organizations’ responsibilities related to cloud app usage, a summary compliance checklist, a best practices webinar, and a series of local, in-person seminar workshops.

Set to be finalized in 2016 and enforced from 2017/18, the GDPR will require organizations to take measures to ensure the security and proper use of individuals’ personal data. The legislation covers data stored or “processed” by any service – including cloud apps – and includes unstructured content containing personally identifiable information (PII).

One of the most significant compliance challenges that organizations face under the GDPR is that many personal data are processed in an unstructured way – for example by employees using hundreds of cloud-based file-sharing, productivity, collaboration, customer relationship management, human resources, and finance and accounting apps. Under the GDPR, it is always the organization’s legal responsibility to protect such data, structured or unstructured, from loss, alteration or unauthorized processing. This applies even if workers use cloud services that are not pre-approved or controlled by the organization – so-called “shadow IT.”

One type of measure that companies can take to move towards GDPR compliance is to gain control of interactions with the cloud. This is achieved by:

  • Discovering and monitoring all cloud applications in use by employees;
  • Knowing which personal data are processed by employees in the cloud;
  • Securing data by enforcing policies that ensure that unmanaged cloud services are not being used to store and process personal information;
  • Coaching users to adopt the services sanctioned by the IT department; and
  • Using a cloud access security broker to assess the enterprise-readiness and adherence to the principles of GDPR of all cloud services and ensure that all data are protected when en route to or from, or at rest in, the cloud.

“In the day and age of cloud, BYOD and SaaS, there’s arguably no bigger challenge than monitoring, tracking and controlling data within an organization”, said Adrian Sanabria, analyst with 451 Research. “The GDPR is concerned with whether or not personal data belonging to EU citizens are misused and has some serious penalties and sanctions built into it. A breach of this sort of data will invoke this regulation regardless of whether the entire company was aware of personal EU data being stored, or only a single employee; whether the company is EU-based or not. Either way, the damage is done and the GDPR applies. Understanding what data exist and how they are being stored and handled is the new baseline for this and other new data regulations.”

“The GDPR is a complex and wide-ranging piece of legislation that greatly increases organizations’ responsibilities for data protection,” said Sanjay Beri, CEO, Netskope. “It is obvious from the requirements on unstructured data alone that cloud app usage is a major threat to companies subject to the regulation. With very significant fines of up to 5% of a company’s global turnover, organizations that fail to comply with the GDPR risk a disastrous impact on their reputation and bottom line.

“All organizations should be making preparations to comply now, and paying extremely close attention to how they use and protect their customers’ personal data. It might seem a daunting challenge, but the sooner companies start making preparations, the more time they will have to demonstrate compliance. Our new services are designed to help them achieve that, and avoid a hugely damaging incident in the process.”

 

Resources

  • Download a copy of the Netskope white paper on Managing the Challenges of the Cloud Under the New EU General Data Protection Regulation
  • For more information on the Netskope Cloud Risk Assessment for the GDPR, download this data sheet
  • For more information on the EU GDPR Cloud Compliance Assessment and Remediation Service download this data sheet
  • Register for the Netskope EU GDPR webinar
  • Register your interest for upcoming regional in-person seminar workshops

 

About Netskope

Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. To learn more, visit our website.