Cloud apps clash with GDPR

Netskope report reveals 75 per cent of cloud apps not ready for EU General Data Protection Regulation.

Posted Monday, 13th June 2016 by Phil Alsop
Netskope has released its June 2016 Netskope Cloud Report on enterprise cloud app usage and trends. According to the report, in the first quarter of 2016 employees used, on average, 777 cloud apps in a given organisation, a slight increase from the previous report. The report focuses on cloud app readiness for the European Union General Data Protection Regulation (GDPR) and found that three-quarters of apps lack key capabilities to ensure compliance. In addition, the report found that 11 per cent of enterprises have sanctioned apps laced with malware, a nearly threefold increase from the prior report.



With full GDPR implementation less than two years away, many enterprise cloud apps have a significant amount of catching up to do before the deadline. 75 per cent of the more than 22,000 apps tracked fail to comply with the regulation’s data privacy mandate, either lacking core security features such as deleting personal data in a timely manner or violating data portability requirements. Failure to comply with the regulation will expose enterprises to significant penalties: $22 million or up to four per cent of annual worldwide revenue, whichever total is greater.



“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR,” said Sanjay Beri, CEO and founder, Netskope. “With the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralised, consistent way that works across all apps is paramount for organisations to understand how they use and protect their customers’ personal data.”



Percentage of enterprises with malware-laced sanctioned cloud apps nearly triples



For the second quarter running, the report examined the percentage of enterprises that have sanctioned apps containing malware. This figure has nearly tripled from the previous cloud report, increasing from 4.1 per cent to 11.0 per cent. This reflects how cloud apps are a growing and particularly vulnerable threat vector for enterprises. The majority of malware detected was JavaScript exploits and droppers (63.3 per cent), which are increasingly used to deliver ransomware that encrypts users’ files or entire systems. The remainder consisted of macros (21.3 per cent), backdoors (4.9 per cent) and mobile malware (4.3 per cent), with spy- and adware, Mac malware, and other malware rounding out the data at 3.2 per cent, 2.7 per cent, and less than 1 per cent, respectively. Nearly three quarters (73.5 per cent) of these detections were categorised as “severe,” and more than a quarter (26 per cent) of malware was detected in files that had been shared with others, demonstrating the ease of propagation and risk of malware in the cloud.



Additional findings



  • Microsoft maintains lead in enterprise app usage: Microsoft continues to dominate the enterprise cloud productivity and storage app markets, claiming seven of the top 20 apps in use by Netskope customers. Microsoft Office 365’s Outlook.com (Webmail) and OneDrive (cloud storage) apps come in at numbers two and three, respectively, after Facebook, which claims the top spot. OneDrive for Business outranks Google Drive and Apple iCloud cloud storage apps, showing Microsoft remains the enterprise go-to.



  • Cloud storage apps continue to lead in cloud data loss prevention (DLP) violations: Cloud storage apps continue to dominate cloud DLP violations, accounting for 73.6 per cent of all violations, followed by Webmail at 22.1 per cent. Downloads account for the majority of DLP violations (over 50 per cent), followed by upload and send. While protected health information (PHI) was the most common cloud DLP violation last autumn, this report saw personally-identifiable information take the lead at 44.0 per cent.