With the compliance deadline for the GDPR fast approaching in May 2018, a new Netskope report took a close look at GDPR readiness among enterprise cloud services, finding little change in level of preparedness compared with levels previously reported. Nearly three-quarters of cloud services still lack key capabilities to ensure compliance.
Data suggests enterprise standardization in cloud adoption
Netskope observed a slight dip in the average amount of cloud services in use per enterprise, signaling that enterprises may be standardizing on cloud services and coaching users away from unsanctioned and shadow IT-related apps.
The average enterprise has deployed 1,022 cloud services, down slightly from last quarter’s average of 1,053. Of those of cloud services in use, only 24.6 percent received a GDPR readiness rating of “high”, based on attributes like location of where data are stored, level of encryption and data processing agreement specifics.
Threat landscape continues to evolve: Bitcoin malware a new finding
This quarter’s report also took a look at Bitcoin or cryptocurrency-related malware for the first time, finding that it accounted for .9 percent of all threats, many of which are hosted in IaaS environments like Amazon Web Services. In addition, “high severity” threats made up 86.9 percent of all threats, up from 69 percent last quarter, and 23.8 percent of malware-infected files were shared with others, including internal or external users, or even shared publicly.
Collaboration apps show no signs of slowing down
With half of the top 20 list consisting of cloud storage or collaboration services, organizations should keep an eye on data flowing in and out of these services. Many cloud storage and collaboration services connect to other cloud services (for example, cloud storage connecting to Salesforce or DocuSign), and a comprehensive cloud security program should take into account what controls to place in cloud service-to-cloud service communications and processing.
“Cloud adoption is an inevitability and has enormous business value for enterprises across all geographies and verticals. It also introduces a new set of complex security challenges in the enterprise, with regulations like the GDPR one of the more complex challenges,” said Sanjay Beri, CEO and founder of Netskope. “On the eve of the compliance deadline, complete visibility into and real-time control over cloud usage and activity in a centralized, consistent way that works across all cloud services is paramount for organizations to understand how they use and protect their customers’ personal data and, consequently, comply with the GDPR.”
Average cloud services per enterprise by category
This quarter, the average amount of cloud services per enterprise decreased 2.9 percent to 1,022 cloud services, compared to 1,053 last quarter. For the second quarter running, manufacturing led the way with the highest average amount of cloud services used with 1,370, followed by healthcare and life sciences with 1,340. Financial services, banking, and insurance came in third with 1,175 and retail, restaurants, and hospitality fourth with 976. Technology and IT services dropped to 772 this quarter.
WIth regard to specific cloud services, HR services are the most popular, and most likely to house sensitive and personal data as defined by the GDPR. Collaboration apps saw a jump: the average enterprise has 85 collaboration apps in use, up from 71 last quarter. By contrast, the average number of productivity apps in use actually went down, signaling a shift in the way enterprise employees are getting things done — favoring collaboration and communication over traditional productivity trackers.