Warning over business apps as 98% are not GDPR ready

DataIQ News

As marketers across the UK battle with the looming EU General Data Protection Regulation (GDPR), they might want also to look at where their data is stored and the business apps they are using after a new study revealed that 98% of cloud-based apps do not currently comply with the legislation.

According to the 1H 2016 Shadow Data Threat Report, by security firm Blue Coat, almost a quarter of all files stored in the cloud are shared, with nearly 12% of these containing compliance-related data or confidential data.

For the report, the security firm gathered data from its Elastica Cloud Threat Labs. It analysed over 15,000 cloud applications utilised by enterprises and 108 million enterprise documents that were stored and shared within them.

To analyse business apps for GDPR readiness, Elastica covered 15 key attributes, including access control, brute force protection, encryption of data at rest and in motion, and admin audit trails.

Of all the enterprise-based cloud apps Elastica tracked, just 2% were found to be GDPR ready. However, that includes popular apps such as Microsoft Office 365, Google Drive, Salesforce, Box and Dropbox.

The report found that some of the GDPR requirements were met by an additional 25% of business apps, but there was still some way to go before they would be considered fully compliant.

Elastica's analysis also revealed cloud apps are being used more than previously thought, with organisations running 20 times more cloud applications than they estimate and the majority using an average of 841 across their extended networks.

However, the report also highlighted the importance of security as 1% of enterprise cloud as were found to still be vulnerable to one or more major exploits, including Heartbleed.