Bulk of Cloud services still not GDPR-ready

Despite looming May 2018 deadline, Netskope’s quarterly report on enterprise services finds little change in GDPR-readiness levels.

  • Tuesday, 19th September 2017 Posted 7 years ago in by Phil Alsop
Netskope has released the September 2017 Netskope Cloud Report™ on enterprise cloud service usage and trends. With the compliance deadline for the European Union General Data Protection Regulation (GDPR) fast approaching in May 2018, this quarter’s report took a close look at GDPR readiness among enterprise cloud services, finding little change in level of preparedness compared with levels previously reported. Nearly three-quarters of cloud services still lack key capabilities to ensure compliance.

 

Data suggests enterprise standardisation in cloud adoption

In this report, Netskope observed a slight dip in the average amount of cloud services in use per enterprise, signalling that enterprises may be standardising on cloud services and coaching users away from unsanctioned and shadow IT-related apps. The average enterprise has deployed 1,022 cloud services, down slightly from last quarter’s average of 1,053. Of those of cloud services in use, only 24.6 percent received a GDPR-readiness rating of “high”, based on attributes like location of where data are stored, level of encryption and data processing agreement specifics.

 

Threat landscape continues to evolve: Bitcoin malware a new finding

When examining threats putting secure enterprise data at risk on a daily basis, the Netskope Threat Research Labs found backdoors were the most frequent threat across enterprise environments, accounting for 27.4 percent of all detections. This is followed by ransomware at 8.6 percent, adware at 8.1 percent, JavaScript at 7.2 percent, Mac malware at 7.2 percent, Microsoft Office macros at 5.9 percent, and PDF exploits at 2.7 percent.

 

This quarter’s report also took a look at Bitcoin or cryptocurrency-related malware for the first time, finding that it accounted for .9 percent of all threats, many of which are hosted in IaaS environments like Amazon Web Services. In addition, “high severity” threats made up 86.9 percent of all threats, up from 69 percent last quarter, and 23.8 percent of malware-infected files were shared with others, including internal or external users, or even shared publicly. 

 

Collaboration apps show no signs of slowing down

With half of the top 20 list consisting of cloud storage or collaboration services, organisations should keep an eye on data flowing in and out of these services. Many cloud storage and collaboration services connect to other cloud services (for example, cloud storage connecting to Salesforce or DocuSign), and a comprehensive cloud security program should take into account what controls to place in cloud service-to-cloud service communications and processing.

 

“Cloud adoption is an inevitability and has enormous business value for enterprises across all geographies and verticals.  It also introduces a new set of complex security challenges in the enterprise, with regulations like the GDPR one of the more complex challenges,” said Sanjay Beri, CEO and founder of Netskope. “On the eve of the compliance deadline, complete visibility into and real-time control over cloud usage and activity in a centralised, consistent way that works across all cloud services is paramount for organisations to understand how they use and protect their customers’ personal data and, consequently, comply with the GDPR.”

 

Average cloud services per enterprise by category

This quarter, the average amount of cloud services per enterprise decreased 2.9 percent to 1,022 cloud services, compared to 1,053 last quarter. For the second quarter running, manufacturing led the way with the highest average amount of cloud services used with 1,370, followed by healthcare and life sciences with 1,340. Financial services, banking, and insurance came in third with 1,175 and retail, restaurants, and hospitality fourth with 976. Technology and IT services dropped to 772 this quarter.

 

With regard to specific cloud services, HR services are the most popular-- and most likely to house sensitive and personal data as defined by the GDPR. Collaboration apps saw a jump: the average enterprise has 85 collaboration apps in use, up from 71 last quarter. By contrast, the average number of productivity apps in use actually went down, signaling a shift in the way enterprise employees are getting things done — favoring collaboration and communication over traditional productivity trackers.