Do you use business cloud-based applications in your enterprise? I am sure that the answer to that question is “yes”. The bad news is that you probably use an application that does not fully protect your enterprise’s data. Enterprise data contains sensitive financial information. Such data can ruin a business if it falls into the wrong hands.
Only 2% of business cloud-based applications follow the European Union’s General Data Protection Regulation (GDPR). There are more than 15,000 business cloud applications, according to a report by Blue Coat’s Elastica Cloud Threat Labs.
About 25 percent of all files stored in the cloud are shared, and 12 percent of these records contain confidential or compliance-related data. The security lab analysed more than 15,000 applications to come up with the report, and examined 108 million business documents shared within these cloud applications.
GDPR laws will take effect on 25 May 2018. The regulations focus on solidifying data protection for both individuals and business enterprises. The rules require all companies that process data for EU citizens to comply with the laws.
Elastica performed the analysis to determine the readiness of business applications for the GDPR. The company assessed 15 major areas covered in the regulations, including encryption of stored data, administrators’ audit trails, access control and anti-brute-force measures.
Of all the enterprise cloud applications assessed by the Elastica Labs, only 2% comply with the GDPR. As expected, these are cloud applications from big tech companies. Salesforce, Google Drive, Box, Microsoft Office 365 and Dropbox comply with GDPR.
According to the report, another 25 percent of the business cloud-based applications comply with some GDPR laws but have a long way to go before they can be considered fully GDPR compliant.
The report insists that control of the business cloud-based apps is the first step towards cloud security. However, administrators currently do not have much control over the “shadow data”, which increases the risk of sensitive enterprise data exposure. In the context of the report, “shadow data” refers to all the content that users of cloud apps upload, share and store using both authorised and unauthorised apps.
Unfortunately, even if managers restricted company employees to using only GDPR-compliant apps such as Dropbox and Microsoft Office 365, there is no guarantee that they have fully escaped the risks of data breaches and compliance infringements. Even with the compliant apps, administrators will find it difficult to trace what the employees are doing. Employees may still upload and share extremely sensitive information without authorisation. The only way to reduce data exposure is visibility into shadow data.
63 percent of risky user behaviour in the cloud indicates attempts to exfiltrate data, and 37 percent of suspicious cloud activity shows attempts to infiltrate cloud accounts. 2 percent of cloud accounts show signs of malicious activity.
Cloud data security is a major concern to most business enterprises. Only one-third of confidential data in cloud applications is encrypted.