In the latest quarterly Cloud Report released by Netskope it has found that two thirds (66.3%) of all cloud services in use, in the enterprise, are not ready. This is because these organisations lack the key capabilities to comply with the regulations.
According to the report, enterprise cloud service usage continues to rise, and despite the best efforts of IT, unsanctioned cloud service usage remains a problem as half of all users of sanctioned cloud storage services also have a personal instance of the same cloud service.
As the deadline for compliance approaches, the report put these results in the context of the impending European Union General Data Protection Regulation (GDPR). It found that while there has been some improvement, an already-mentioned two-thirds of enterprise cloud services are not on track to meet compliance requirements.
Majority of cloud services still not GDPR ready
In 2016, Netskope created a unique methodology to score cloud services on GDPR compliance, including evaluating those services’ data retention policies, privacy features, and data protection regimens and normalising scores to a 1-100 scale.
Services with a score above 70 are considered ready for GDPR compliance. This report found that 66% of all cloud services do not meet this threshold, meaning they lack proper residency, privacy, and security controls to be considered compliant with the requirements of the GDPR, or near enough to be ready to comply by the May 2018 deadline.
>See also: An insight into the cloud storage industry
While this percentage has decreased from the 75% (reported in the June 2016 Netskope Cloud Report), enterprise cloud services still have a long way to go in order to be ready over the next year-and-a-half.
Drilling further into specific measures, 82% of cloud services do not encrypt data at rest, while 66% do not specify that their customers own the data in their terms of service.
A further 42% of those enterprise’s surveyed do not allow admins to enforce password controls, while 40% back data up to a secondary location – some of which do not conform to the GDPR’s data residency requirements
“Until very recently, organisations had to take an all-or-nothing approach to allowing cloud services. If they sanctioned a cloud storage service for corporate use, they also needed to accept any additional personal instances of that cloud storage service or block the service entirely,” said Sanjay Beri, founder and CEO, Netskope.
“As our customers make cloud services a strategic advantage for their businesses, when it comes to governing and securing those services, they are realising granular policies can ensure that sensitive data does not leak from the sanctioned instance of a corporate cloud service to an unsanctioned one.”
Shadow IT remains a growing problem
This quarter, the average number of cloud services in use per enterprise in EMEA rose to 845, up from 824 the previous quarter.
>See also: Top 6 data trends for the enterprise in 2017
Of those services in use, roughly 95% are not enterprise ready. Shadow IT even affects sanctioned cloud services, as half of all users of sanctioned cloud storage services like Box or Dropbox also have personal instances of the same cloud service, which can make detection and mitigation of activities like data exfiltration more difficult.
- Slack makes its way up the top 20 list, but Microsoft maintains top spot
Last quarter, Slack cracked the top 20 list for the first time, and shows no sign of slowing down, reaching the 16th position this quarter.
Newcomers like ServiceNow also cracked the top 20, but Microsoft Office 365 continues to reign supreme, with Microsoft Office 365 OneDrive for Business and Office 365 Outlook.com taking the number 1 and 2 spots, respectively.
- IaaS on the rise
More than 90% of Netskope customers use IaaS services like Amazon Web Services, Microsoft Azure, and Google Cloud Platform, with enterprises using an average of 4 IaaS services.
This includes both sanctioned and unsanctioned services, across services like Amazon, Microsoft, Google, CloudShare, Linode, Rackspace, and more.
- Ransomware a larger threat than macros and mobile attacks
For the first time, Netskope analysed ransomware as a malware type, finding 7.4% of all enterprise threats were ransomware.
More than a quarter of the malware was shared with others (both internally and externally), a drop from last quarter’s 55.9%.
This may be attributable to the fact that Netskope customers are proactively taking steps to address cloud malware risks.