Here are some insights …
- Only 6% of cloud services currently comply with incoming data protection laws, a survey has found. The overwhelming majority of 20,000 cloud services evaluated by cloud security firm Skyhigh Networks do not meet the stricter requirements to protect data set out under the EU’s General Data Protection Regulation (GDPR).[1]
- Only 2% of cloud-based applications currently comply with rules introduced by the GDPR, according to the 2016 Shadow Data Threat Report published by security firm Blue Coat. The report is based on data gathered by the security firm’s Elastica Cloud Threat Labs, which analysed more than 15,000 enterprise cloud applications in use and 108 million enterprise documents stored and shared within them.[2]
- Under the new law, companies will have 72 hours to report data loss to their regional authority. However, just 1% of cloud services are able to notify authorities of a security incident within 24 hours, and virtually all cloud services will struggle to meet GDPR’s requirement to notify authorities within 72 hours.[3] As it stands, only 45% of companies have a complete plan for breach notification.[4]
- 58 %of cloud services do not provide guarantees regarding IP ownership, with some service providers taking ownership of all IP uploaded to their service and others failing to specify what happens to user IP.[5]
[1] ‘Skyhigh Networks Launches New EU GDPR-Readiness Service for Customers,’ SkyHigh website, 21st September 2016 https://www.mcafee.com/enterprise/en-us/home.html
[2] ‘2016 Shadow Data Report,’ Blue Coat, July 2016 https://insidecybersecurity.com/sites/insidecybersecurity.com/files/documents/mar2017/cs2017_0097.pdf
[3] Ibid
[4] Cloud Security Alliance’s survey of over 200 IT professionals https://www.mcafee.com/enterprise/en-us/home.html
[5] ‘Skyhigh Networks Launches New EU GDPR-Readiness Service for Customers,’ SkyHigh website, 21st September 2016 https://www.mcafee.com/enterprise/en-us/home.html
