Cloud Services in GDPR Compliance Fail
The majority of cloud services being used by global firms currently don’t meet the necessary standards for EU General Data Protection Regulation (GDPR) compliance, putting organizations at risk of potentially huge fines, according to Netskope.
The cloud security vendor based its findings on analysis of 23,000 cloud services by its Netskope Active Platform, used by hundreds of customers and millions of end users around the world, between January and March this year.
However, with less than a year to go until the deadline, it found little change in the readiness of cloud services to comply with the GDPR.
Specifically, 67% of the services appraised didn’t specify that the customer owns the data in their terms of service; 90% didn’t support encryption of data at rest; and 41% replicated data in geographically dispersed data centers.
This would put the firms using such services in contravention of the GDPR, with regulators able to levy a maximum fine of 4% of global annual turnover – or €20m – for serious non-compliance.
The manufacturing industry was the biggest user of cloud services, averaging 1222 this quarter. In second place was the retail, restaurant and hospitality sector (1131), followed by financial services (1039) and healthcare (1014).
There was additional bad news for firms looking to get their GDPR compliance house in order, as the report revealed an increase in cloud DLP policy violations in collaboration services like Slack and HipChat.
These accounted for nearly 10% of total violations in Q1, according to Netskope.
Collaboration services are increasingly popular in the enterprise; Slack, for example, rose from number 15 to number 12 on the top 20 list of most used cloud services.
“Collaboration services are quickly displacing more traditional ways of communication and collaboration like email, and that means that more data is being shared inside of those services,” said Sanjay Beri, founder and CEO of Netskope.
“It’s critical that organizations implement solutions that afford real-time visibility and control, data loss prevention, and threat protection for these services – and the many ecosystem services they connect to – to ensure that collaboration is not hindered and their sensitive data remains secure.”
Source: Information Security Magazine