Research dampens claims cloud providers are GDPR-ready

Skills shortage, malicious attack, and shadow IT comprise greatest concerns with cloud adoption

Cloud rain

Only half of organisations say all their cloud providers have a plan for GDPR compliance ahead of the 25 May deadline to comply with the new data protection legislation, a report has found.

Surveying 1,400 CISOs and IT managers around the world, McAfee's The State of Cloud Security report also found a direct link between an organisation's confidence in their provider's state of GDPR readiness and the level of investment they are willing to commit to cloud services.

Despite over 80% of organisations in a previous survey indicating they expected help from their service providers to achieve regulatory compliance, McAfee's latest findings showed only half of respondents said that all their cloud suppliers had a plan in place ahead of the deadline to comply with GDPR, which sets out tougher penalties for organisations that misuse EU residents' data, and hands more control to people over how their information is used.

Organisations more confident in their cloud providers' GDPR readiness were more likely to spend more on cloud services in the coming year, with those lacking confidence more likely to keep investment at the same level.

Just under half of respondents anticipated increased investment in light of GDPR, while 44% of organisations said they expected spending to remain flat. Less than 10% of organisations anticipated decreasing their investment in their cloud services, again contrasting with the findings of McAfee's Beyond the General Data Protection Regulation (GDPR) which found organisations were projected to reduce investment by $85,000 on average as a result.

"The implementation of the incoming GDPR, due to come into force in just over a month's time, will affect cloud users around the world," said Nigel Hawthorn, data privacy expert in McAfee's cloud security business unit.

"Becoming GDPR compliant requires a combination of knowledge, processes, policies, technology and training, as well as detailed understanding of data flows to and from third parties and cloud services. With this in mind, it is concerning that only half of the respondents stated that all of their cloud providers have a plan in place for GDPR compliance."

Cloud Pro has previously warned against relying on third-parties to ensure compliance with GDPR.

Skills shortages underline wider issues

The latest edition of McAfee's annual report on the current state and future plans for cloud adoption and security also shed light on cloud adoption progress, as well as the main concerns proving obstacles for some organisations.

A quarter of respondents highlighted a lack of staff with skills to manage security for cloud applications, and only 24% of organisations reported that they suffered no skills shortage, while the research found 40% of IT leaders reported they were slowing their organisation's cloud adoption.

Data theft, however, was ranked as the greatest concern, with 56% of professionals saying they had tracked a malware infection back to a cloud application, up from 52% the previous year.

Lack of visibility, meanwhile, was cited as one of the most commonly experienced issues - spanning users creating cloud workloads outside of an organisation's IT department (shadow IT), a lack of transparency around what data is stored in the cloud, and an inability to monitor cloud workloads.

UK organisations slowest to adopt, and most cautious

Organisations in the UK were the slowest to adopt cloud services of those surveyed, while they were also found to be the most cautious over storing sensitive data.

When asked how many months organisations would take for their IT infrastructure to be 80% cloud-based, respondents in the UK answered 19 months, versus an average of 14 months.

Moreover, organisations in the UK were also found to be the least likely to store all of their sensitive data in the public cloud - only 10% versus an average of 25% - while a quarter of UK organisations said they stored no sensitive data in the cloud, the joint-highest with Germany.

Personal customer information comprised the majority of sensitive data, with 61% of organisations keeping such data in the public cloud, followed by payment card information, internal documents, and employee information.

Visibility underpins secure cloud adoption

The report pinpointed a lack of visibility as the key factor hindering organisations from securing their cloud services, concluding visibility-driven organisations, regardless of whether they have adopted a cloud-first strategy or not, have a better awareness of shadow IT and take direct responsibility for the security of their cloud data.

"Poor visibility has a bigger impact on navigation than any single control or capability. After all, you cannot steer around what you cannot see," the report concluded.

"The leading adopters of cloud services understand this axiom and are integrating cloud visibility into their IT operations to accelerate business. Better cloud visibility enables an organisation to adopt transformative cloud applications sooner, respond more quickly to security threats, and reap the cost savings that virtualisation provides."

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

What is Gaia-X? A guide to the EU’s unified cloud ecosystem
public cloud

What is Gaia-X? A guide to the EU’s unified cloud ecosystem

11 Feb 2021
Best NAS drives 2021
network attached storage (NAS)

Best NAS drives 2021

6 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
AWS’ new S3 Storage Lens gives an in-depth view of cloud storage
Amazon Web Services (AWS)

AWS’ new S3 Storage Lens gives an in-depth view of cloud storage

19 Nov 2020

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021