Cloud Apps Not Ready for GDPR

Cloud Apps Not Ready for GDPR

Enterprises rely on the cloud now more than ever, with a report by Netskope revealing an average of 769 cloud apps currently being used by organizations, an increase of 26.5% since their last study.

Despite this, as many as 88% of apps are not enterprise-ready – lacking important functionality such as security, service-level agreement and vulnerability remediation.

Netskope say organizations currently have a lot of work to do when it comes to monitoring and mitigating cloud-based threats.

Sanjay Beri, co-founder and CEO of Netskope said: 

"Now more than ever, it's imperative that organizations have complete visibility into and real-time actionable control over their cloud app usage to better monitor and understand trends and vulnerabilities. It's only with this knowledge that IT can begin to protect against threats lurking in cloud apps, such as malware."

Whilst the cloud access security broker found a very low proportion (4.1%) of companies were using ‘sanctioned’ apps that contained malware, when you consider that sanctioned apps normally make up less than 5% of an organization’s cloud app footprint, malware in the cloud could be a far bigger issue than we realize.

Sync and share mechanisms, used by the majority of cloud storage apps, play a significant role in the quick spreading of malware throughout a company, creating a ‘fan-out’ effect.

If the files of a single user become infected, and those files are also in a cloud sharing folder, when they are automatically synced the versions of the files in the cloud also became encrypted. From there, other users who sync the same folder to their devices will have their files encrypted too. This shows that hackers can take advantage of one of the cloud’s most useful capabilities, turning it into a company’s worst nightmare.

With the upcoming General Data Protection Regulation (GDPR) having the power to impose fines of up to 4% of global turnover (or €20 million, whichever is higher) for companies who do not meet its privacy standards, security is now of the upmost importance for all organizations who do business in Europe.

This is especially true for cloud-consuming companies who are likely to face an uphill struggle because the cloud uses so many connected endpoints, and so securing them is a difficult task. The report, along with further research by Netskope, found companies are clearly feeling the heat from this, with only one in five confident they will comply with the GDPR.

Speaking to Infosecurity, David Kennerley, Senior Manager for threat research at Webroot said:

“As with any technology, security should be at the forefront of any decision. Without doubt, moving to any cloud-based service introduces another attack vector organizations need to defend against.

“IT departments need to be taking a lead role in how cloud computing is utilized, managed and most importantly secured. With the reduction in support for the more traditional in-house services, it’s essential new cloud offerings receive at least the equivalent amount of support and management. The technology is only part of any solution, it’s the planning, implementation, the controls and monitoring that make any solution reach its full potential and reward the business accordingly.”

Kennerley also explained that failing to implement a strong cloud security infrastructure can be extremely damaging for a company, and not just because of GDPR fines.

“Public confidence has been severely knocked by the recent spate of high-profile attacks, and businesses need to start taking a more vocal stance on their cybersecurity,” he continued.

“The most important thing to remember is that it’s your data and you are responsible for securing it.”

Source: Information Security Magazine