GDPR Compliance: 75% of Enterprise Cloud Services Still Not Ready

Compliance deadlines are hard set with good reason -- either you’re in line with the rules when the clock ticks to midnight or you’re not. So far, a startling number of enterprise cloud services, emulating far too many organizations, won’t be ready when the European Union General Data Protection Regulation (GDPR) goes live on May 25, 2018.

Three in four cloud services examined in Netskope’s September 2017 Cloud Report still lack key capabilities to ensure GDPR compliance, the cloud security provider said. It's undeniably getting late early to reconfigure cloud services to GDPR ready.

The data, Netskope observed, suggests some standardization in enterprise cloud adoption with a minor decrease in the average amount of cloud services in use per enterprise. Perhaps that signals companies are successfully easing users away from unsanctioned and shadow IT-related apps, Netskope said. According to the report, the average enterprise has deployed 1,022 cloud services, down slightly from last quarter's average of 1,053. Of those cloud services in use, only 24.6 percent received a “high” GDPR-readiness rating, based on where data are stored, level of encryption and data processing agreement specifics.

"On the eve of the compliance deadline, complete visibility into and real-time control over cloud usage and activity in a centralized, consistent way that works across all cloud services is paramount for organizations to understand how they use and protect their customers' personal data and, consequently, comply with the GDPR," said Sanjay Beri, Netskope CEO and founder.

Netskope’s research into enterprise data threats includes the growing spectre of Bitcoin malware, cloud storage and collaboration services, and measurements of the types of cloud services used by enterprises.

Bitcoin malware rising: Cryptocurrency-related malware now accounts for .9 percent of all threats, many of which are hosted in IaaS environments such as Amazon Web Services.

Backdoors opening: Backdoors account for 27.4 percent of all detections. Next is ransomware at 8.6 percent, adware at 8.1 percent, JavaScript at 7.2 percent, Mac malware at 7.2 percent, Microsoft Office macros at 5.9 percent, and PDF exploits at 2.7 percent.

“High severity” threats booming. Serious threats comprise 87 percent of all threats, up from 69 percent last quarter.

Bad sharing up: Some 24 percent of malware-infected files were shared with others, including internal or external users, or shared publicly.

Collaboration, storage playing big: About 50 percent of the top 20 enterprise cloud services cover storage or collaboration. As a result, organizations should keep an eye on data flowing in and out of cloud storage or collaboration services, Netskope said.

Manufacturing tops cloud services: Manufacturing uses the highest average amount of cloud services at 1,370, followed by healthcare and life sciences with 1,340. Financial services, banking, and insurance came in third with 1,175 and retail, restaurants, and hospitality fourth with 976. Technology and IT services dropped to 772 this quarter.

HR’s popularity: Human resource cloud services are the most popular -- and most likely to house sensitive and personal data as defined by the GDPR. Enterprise collaboration apps rose to 85 in use, up from 71 last quarter, signaling a shift in the way enterprise workers are getting things done.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.