Cloud apps messing with businesses' GDPR compliance

Cloud apps are messing with businesses and making their lives harder, cloud access security broker Netskope announced today.

The announcement is followed by a report that says only 21 per cent of small and medium-sized enterprises are confident they will comply with the upcoming regulations, including the GDPR, set to be finalised in Spring 2016 and enforced from 2018.

The GDPR (EU General Data Protection Act) forces companies to make sure the data is kept confidential and safe. Cloud apps make this difficult because the data created through them is kept in the cloud, shared via mobile devices (often private ones, at that) and sits beyond a company's direct control.

To make things worse, a majority of these apps are found not to be enterprise-ready, meaning they lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability and vulnerability remediation.

“The GDPR will have far-reaching consequences for both cloud-consuming organisations and cloud vendors,” said Eduard Meelhuysen, VP EMEA, Netskope. “With the ratification of this piece of legislation imminent, the race is on for IT and security teams who now have two years to comply. Although that might sound like a lengthy timeframe to complete preparations, the significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline.”

“The key is to start preparations as soon as possible. The technical challenges are made even more significant by the myriad complications presented by the cloud and shadow IT, which make personal data even harder to track and control,” said Meelhuysen. “As a starting point for GDPR compliance, organisations need to conduct an audit to ensure they understand what cloud apps are in use – both sanctioned and unsanctioned – and what data are in those cloud apps.”