Just 2% of more than 15,000 enterprise cloud applications analysed are GDPR-ready, according to a cloud risk report
Some 98% of cloud-based applications do not comply with rules introduced by the European Union’s (EU’s) General Data Protection Regulation (GDPR), a report has revealed.
Nearly a quarter of all files stored in the cloud are shared, and around 12% of those contain compliance-related data or confidential data, according to the 1H 2016 Shadow Data Threat Report published by security firm Blue Coat.
The report is based on data gathered by the security firm’s Elastica Cloud Threat Labs, which analysed more than 15,000 enterprise cloud applications in use and 108 million enterprise documents stored and shared within them.
The GDPR, which comes into force on 25 May 2018, is aimed at strengthening data protection for individuals in the EU and requires compliance by any company anywhere in the world processing personal data relating to EU citizens.
Elastica has analysed business apps for GDPR readiness, covering fifteen key attributes, including access control, brute force protection, encryption of data at rest and in motion, and admin audit trails.
Across all enterprise-oriented cloud apps tracked by Elastica, just 2% are GDPR ready, but that includes popular apps such as Microsoft Office 365, Google Drive, Salesforce, Box and Dropbox.
A further 25% of business apps meet some of the GDPR requirements for usage in the EU, but have some way to go before being considered fully compliant, the report said.
Challenge of shadow data
Gaining visibility and control over cloud apps is a key first step in maintaining cloud security, but the report said “shadow data” poses a much greater challenge to IT’s ability to prevent the loss or non-compliant exposure of sensitive corporate data.
In the context of the report, “shadow data” refers to all the content that users are uploading, storing, and sharing – not only using unsanctioned cloud apps, but sanctioned ones as well.
Even if an organisation were to successfully limit employees to the use of enterprise-grade file sharing apps, such as Box or Office 365, the report said it would not mean they have fully mitigated the risks of data loss or compliance violations.
Even with sanctioned apps, the report said it is challenging for organisations to identify and track how their users are using these apps, and what sort of sensitive data they may be uploading and sharing inappropriately.
“This lack of visibility into shadow data may result in risky exposures or compliance violations,” the report said.