IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Research dampens claims cloud providers are GDPR-ready

Skills shortage, malicious attack, and shadow IT comprise greatest concerns with cloud adoption

Cloud rain

Only half of organisations say all their cloud providers have a plan for GDPR compliance ahead of the 25 May deadline to comply with the new data protection legislation, a report has found.

Surveying 1,400 CISOs and IT managers around the world, McAfee's The State of Cloud Security report also found a direct link between an organisation's confidence in their provider's state of GDPR readiness and the level of investment they are willing to commit to cloud services.

Despite over 80% of organisations in a previous survey indicating they expected help from their service providers to achieve regulatory compliance, McAfee's latest findings showed only half of respondents said that all their cloud suppliers had a plan in place ahead of the deadline to comply with GDPR, which sets out tougher penalties for organisations that misuse EU residents' data, and hands more control to people over how their information is used.

Organisations more confident in their cloud providers' GDPR readiness were more likely to spend more on cloud services in the coming year, with those lacking confidence more likely to keep investment at the same level.

Just under half of respondents anticipated increased investment in light of GDPR, while 44% of organisations said they expected spending to remain flat. Less than 10% of organisations anticipated decreasing their investment in their cloud services, again contrasting with the findings of McAfee's Beyond the General Data Protection Regulation (GDPR) which found organisations were projected to reduce investment by $85,000 on average as a result.

"The implementation of the incoming GDPR, due to come into force in just over a month's time, will affect cloud users around the world," said Nigel Hawthorn, data privacy expert in McAfee's cloud security business unit.

"Becoming GDPR compliant requires a combination of knowledge, processes, policies, technology and training, as well as detailed understanding of data flows to and from third parties and cloud services. With this in mind, it is concerning that only half of the respondents stated that all of their cloud providers have a plan in place for GDPR compliance."

Cloud Pro has previously warned against relying on third-parties to ensure compliance with GDPR.

Skills shortages underline wider issues

The latest edition of McAfee's annual report on the current state and future plans for cloud adoption and security also shed light on cloud adoption progress, as well as the main concerns proving obstacles for some organisations.

A quarter of respondents highlighted a lack of staff with skills to manage security for cloud applications, and only 24% of organisations reported that they suffered no skills shortage, while the research found 40% of IT leaders reported they were slowing their organisation's cloud adoption.

Data theft, however, was ranked as the greatest concern, with 56% of professionals saying they had tracked a malware infection back to a cloud application, up from 52% the previous year.

Lack of visibility, meanwhile, was cited as one of the most commonly experienced issues - spanning users creating cloud workloads outside of an organisation's IT department (shadow IT), a lack of transparency around what data is stored in the cloud, and an inability to monitor cloud workloads.

UK organisations slowest to adopt, and most cautious

Organisations in the UK were the slowest to adopt cloud services of those surveyed, while they were also found to be the most cautious over storing sensitive data.

When asked how many months organisations would take for their IT infrastructure to be 80% cloud-based, respondents in the UK answered 19 months, versus an average of 14 months.

Moreover, organisations in the UK were also found to be the least likely to store all of their sensitive data in the public cloud - only 10% versus an average of 25% - while a quarter of UK organisations said they stored no sensitive data in the cloud, the joint-highest with Germany.

Personal customer information comprised the majority of sensitive data, with 61% of organisations keeping such data in the public cloud, followed by payment card information, internal documents, and employee information.

Visibility underpins secure cloud adoption

The report pinpointed a lack of visibility as the key factor hindering organisations from securing their cloud services, concluding visibility-driven organisations, regardless of whether they have adopted a cloud-first strategy or not, have a better awareness of shadow IT and take direct responsibility for the security of their cloud data.

"Poor visibility has a bigger impact on navigation than any single control or capability. After all, you cannot steer around what you cannot see," the report concluded.

"The leading adopters of cloud services understand this axiom and are integrating cloud visibility into their IT operations to accelerate business. Better cloud visibility enables an organisation to adopt transformative cloud applications sooner, respond more quickly to security threats, and reap the cost savings that virtualisation provides."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Cloud security market to hit $106 billion by 2029
cloud computing

Cloud security market to hit $106 billion by 2029

11 Apr 2022
Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Open source giant Red Hat joins HPE GreenLake ecosystem
automation

Open source giant Red Hat joins HPE GreenLake ecosystem

28 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022