As Enterprises Opt for More Cloud, 64% in New Survey Say GDPR Doesn’t Apply to Them
The findings from FileCloud and Spiceworks should spur channel partners to help clients boost cloud and data security.
More enterprises are storing data in the cloud, yet doing little to advance the security of those efforts and comply with stringent GDPR regulations.
That’s according to the inaugural Enterprise Cloud & Data Security Report compiled by vendors FileCloud and Spiceworks.
And organizations’ “remarkably passive” attitude, as FileCloud put it, toward cloud and compliance places them in danger of fines or breaches that could cost millions of dollars, and more.
The situation underscores that channel partners need to act as experts, helping customers get their acts together before catastrophe strikes.
Key Findings — and the Problems They Highlight
Source: FileCloud, Spiceworks
More enterprises are moving away from public cloud and adopting multicloud models (a combination of private, public and hybrid cloud infrastructure and services). The shift shows that organizations do not fully trust any cloud configuration.
To that point, just more than half – 58% – rely on public cloud, while the remaining 42% use the private cloud. There’s usually a hybrid model involved to allow access to either hosting method. Meanwhile, some companies don’t use cloud at all; 30% choose to self-host, FileCloud found.
This pervasive distrust of cloud technology often leads businesses to separate their data and files. Only the most innocuous records will go into the public cloud, while the critical information resides in the private cloud or on company servers, according to FileCloud.
But fragmenting content opens businesses to data leaks, hacks and noncompliance, as the vendor pointed out. Enterprise data management, especially in multicloud settings, “needs to have strong security, audit and governance frameworks,” the authors wrote.
Part of the problem, though, is that an overwhelming majority of respondents – 64% – think GDPR does not apply to their organizations.
That may qualify as the most frightening finding in the FileCloud report, and partners will want to take note.
Security vendor Fortinet offers some quick and simple guidelines for understanding whether an organization must meet GDPR requirements, and this becomes more prescient as enterprises store data in the cloud. Partners can use the resource as a starting point for helping clients determine their responsibilities toward the law. Does the business:
Possess any personally identifiable information?
Operate in the European Union?
Offer goods and/or services in the European Union?
Monitor the behavior of European Union residents?
If any of the answers are in the affirmative, the business needs to speed up its GDPR compliance efforts. Yet that points to another issue: Such activity remains in flux. Even though GDPR went into full effect on May 25, 2018, 38% of U.S. companies surveyed by FileCloud say they do not know when their organizations will reach complete compliance. Another 25% said they expect to be compliant any time, while the another 25% said compliance will happen by the end of this year.
At the same time, these organizations are storing more and more data in the cloud. More than three-quarters – 75% – have public cloud file sharing and storage. Just more than 70 percent (72%) keep business applications and databases in the public cloud. The same percentage host backup, archiving and recovery in the public cloud as well.
FileCloud suggests that the dueling priorities of laissez-fair GDPR compliance and growing cloud usage comes down to lack of funding and support from upper management.
“The best way for management to demonstrate support for data privacy initiatives is to …
… allocate appropriate funding, yet 72% of enterprises responding to our survey said that they have no idea how much of their IT budget will be allocated to GDPR,” the authors wrote. “At least for the moment, it is apparent that management teams at most U.S. companies don’t consider GDPR compliance a top priority.”
Where Partners Fit
Partners arguably have the responsibility to guide customers toward GDPR compliance and sound cloud data and security approaches. And a number of them are doing just that. Channel Futures reached out to three indirect firms specializing in GDPR compliance for interviews for this article but did not get responses.
Nonetheless, FileCloud’s Enterprise Cloud & Data Security Report stands out as a call to action for channel partners handling cloud deployments. Consider the additional discoveries discussed in the report:
Sixty-four percent of businesses think personal sharing apps (Dropbox, Box, etc.) pose the top data security threat to their organizations.
Eighty-two percent of company administrators think employees/users are the weakest link when it comes to data security.
One in two companies say they will not move mission-critical workloads to the public environment.
“In spite of reservations, most companies do recognize the incredible potential of cloud-based environments to aggregate data into a central location while keeping that data safe,”. FileCloud authors concluded. “Businesses that can get their cloud strategy right will enjoy a comparative advantage over less cloud-savvy peers.”
Read more about:
Channel ResearchAbout the Author
You May Also Like