Who owns cloud data after it is uploaded?

No one really knows.

Many cloud providers do not provide appropriate security requirements or policies, which could leave organisations using them vulnerable, and could even have them fined after EU’s GDPR (General Data Protection Regulation) kicks in in 2018. This is according to a new research report by Skyhigh Networks, which analysed real life cloud usage data from 30 million users worldwide, across every major sector.   

The report claims that more than two thirds (69.7 per cent) of these applications do not specifically say who owns the data after users upload it. Ownership remains in the ‘grey zone’ which can be deadly for organisations after GDPR. Less than 10 per cent (8.7 per cent, exactly) have categorically stated that they won’t share the uploaded data with third parties, and 16 per cent delete all cloud data after the contract gets terminated.  All of these things could mean fines for organisations after 2018, Skyhigh concludes.  

There’s also something it calls the ‘cloud enforcement gap’. That’s basically the difference between what organisations think they’re blocking, and what they really are blocking. And this gap is also growing, especially when it comes to social media. In a few examples, its says that enterprises believe they have a 43.7 per cent block rate for Instagram, when in reality, it’s 6.4 per cent.  

The same thing goes for Facebook (63 per cent intended rate, versus 28.8 per cent real rate), Snapchat (63 per cent versus 20.2 per cent) and Twitter (30.8 per cent versus 12.6 per cent). Almost a third (31.3 per cent) of apps used in the enterprise are considered ‘risky’, but IT is not sanctioning them.  

The worst of the worst, according to the report, are PDF converter apps, namely PDF Split, PDF Unlock! And PDF to doc. It says these are the three of the top 10 most outlawed cloud apps, ‘a seemingly innocuous service that aids productivity’.   

Image Credit: Chaiyapop Bhumiwat / Shutterstock