Only one in five companies say they are confident of complying with the upcoming EU General Data Protection Regulation (GDPR), according to new research released by Netskope.
Worryingly, the research, which polled more than 500 businesses, found a similar number (21%) expect their cloud providers to handle compliance obligations on their behalf, which is not the case according to the wording of the GDPR.
Only 7% of businesses polled said they had a solution in place for dealing with unsanctioned apps, while 29% of IT professionals surveyed said they were aware employees used “some” or “many” unauthorised apps. Netskope argues that cloud apps present a particular challenge for organisational compliance because they create unstructured data. In particular, the rise of mobility and the bring your own device (BYOD) culture leads to data which is outside the organisation’s direct control, which is again a risk to compliance.
Eduard Meelhuysen, Netskope VP EMEA, warned: “The GDPR will have far-reaching consequences for both cloud-consuming organisations and cloud vendors. With the ratification of this piece of legislation imminent, the race is on for IT security teams who now have two years to comply. The significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline.”
The advice for organisations, Netskope argues, is to first of all conduct an audit to see which cloud apps, sanctioned or otherwise, are in use. Almost nine in 10 cloud apps reviewed were found to not be enterprise-ready, lacking SLAs, privacy and security certifications among others.
In the meantime, despite the warning for cloud providers, some are taking steps to make the transition easier for companies. Netskope is launching a cloud compliance and remediation service, while, as this publication previously reported, iland is investing in a separate compliance arm of its organisation.