More than 75% of organisations aren’t addressing Cloud services in their preparations for the EU General Data Protection Regulation (GDPR), according to a study by Netskope.
Netskope’s September 2017 Cloud Report found that only 24.6% of Cloud services have a “high” level of GDPR-readiness, which is, remarkably, the same percentage as in the June 2016 report.
The study looked at factors such as where data is stored, the level of encryption and data processing agreement attributes.
That so few organisations are close to meeting the GDPR’s requirements is bad enough, but the report’s definition of “high” GDPR-readiness is generous. Of that group, only 61.7% specify that the customer owns the data in their terms of service, 42.9% support encryption of data at rest and 19.7% replicate data in geographically dispersed data centres.
The report also found a growing trend of bitcoin- and cryptocurrency-related infections. Although these account for only 0.9% of all infections, the success of such attacks could lead to more in the future. Netskope advises organisations to “enact best-practice policies like enabling versioning for critical content in [C]loud storage services, creating firewall rules to block bitcoin pools, and scanning uploads and downloads across [C]loud services”.
Netskope also recommends that organisations put in place access controls and conduct data flow audits to review what data is going through these services.
This could be an extensive process, as Netskope found that companies have an average of 1,022 Cloud services in use. The report lists the most-used services:
- Microsoft OneDrive
- Microsoft Outlook
- Google Drive
- Google Gmail
- Microsoft SharePoint
Need help preparing for the GDPR?
Organisations are neglecting more than just Cloud services in their GDPR preparations. Our 2017 GDPR Report found that organisations are failing to put in place the correct processes to comply with data subject rights, and that they can’t find qualified staff to implement a compliance programme.
If you need help preparing for the Regulation, you should take a look at our GDPR Documentation Toolkit. The toolkit contains easy-to-use templates, customisable worksheets, policies and expert guidance.
By using our toolkit, you can make sure that you’ve adequately identified any risks to personal data and are able to put in place the necessary controls to protect your data. The trial version includes several sample documents and policies that you can try out.