Research dampens claims cloud providers are GDPR-ready

Skills shortage, malicious attack, and shadow IT comprise greatest concerns with cloud adoption

Cloud rain

Only half of organisations say all their cloud providers have a plan for GDPR compliance ahead of the 25 May deadline to comply with the new data protection legislation, a report has found.

Surveying 1,400 CISOs and IT managers around the world, McAfee's The State of Cloud Security report also found a direct link between an organisation's confidence in their provider's state of GDPR readiness and the level of investment they are willing to commit to cloud services.

Despite over 80% of organisations in a previous survey indicating they expected help from their service providers to achieve regulatory compliance, McAfee's latest findings showed only half of respondents said that all their cloud suppliers had a plan in place ahead of the deadline to comply with GDPR, which sets out tougher penalties for organisations that misuse EU residents' data, and hands more control to people over how their information is used.

Organisations more confident in their cloud providers' GDPR readiness were more likely to spend more on cloud services in the coming year, with those lacking confidence more likely to keep investment at the same level.

Just under half of respondents anticipated increased investment in light of GDPR, while 44% of organisations said they expected spending to remain flat. Less than 10% of organisations anticipated decreasing their investment in their cloud services, again contrasting with the findings of McAfee's Beyond the General Data Protection Regulation (GDPR) which found organisations were projected to reduce investment by $85,000 on average as a result.

"The implementation of the incoming GDPR, due to come into force in just over a month's time, will affect cloud users around the world," said Nigel Hawthorn, data privacy expert in McAfee's cloud security business unit.

"Becoming GDPR compliant requires a combination of knowledge, processes, policies, technology and training, as well as detailed understanding of data flows to and from third parties and cloud services. With this in mind, it is concerning that only half of the respondents stated that all of their cloud providers have a plan in place for GDPR compliance."

Cloud Pro has previously warned against relying on third-parties to ensure compliance with GDPR.

Skills shortages underline wider issues

The latest edition of McAfee's annual report on the current state and future plans for cloud adoption and security also shed light on cloud adoption progress, as well as the main concerns proving obstacles for some organisations.

A quarter of respondents highlighted a lack of staff with skills to manage security for cloud applications, and only 24% of organisations reported that they suffered no skills shortage, while the research found 40% of IT leaders reported they were slowing their organisation's cloud adoption.

Data theft, however, was ranked as the greatest concern, with 56% of professionals saying they had tracked a malware infection back to a cloud application, up from 52% the previous year.

Lack of visibility, meanwhile, was cited as one of the most commonly experienced issues - spanning users creating cloud workloads outside of an organisation's IT department (shadow IT), a lack of transparency around what data is stored in the cloud, and an inability to monitor cloud workloads.

UK organisations slowest to adopt, and most cautious

Organisations in the UK were the slowest to adopt cloud services of those surveyed, while they were also found to be the most cautious over storing sensitive data.

When asked how many months organisations would take for their IT infrastructure to be 80% cloud-based, respondents in the UK answered 19 months, versus an average of 14 months.

Moreover, organisations in the UK were also found to be the least likely to store all of their sensitive data in the public cloud - only 10% versus an average of 25% - while a quarter of UK organisations said they stored no sensitive data in the cloud, the joint-highest with Germany.

Personal customer information comprised the majority of sensitive data, with 61% of organisations keeping such data in the public cloud, followed by payment card information, internal documents, and employee information.

Visibility underpins secure cloud adoption

The report pinpointed a lack of visibility as the key factor hindering organisations from securing their cloud services, concluding visibility-driven organisations, regardless of whether they have adopted a cloud-first strategy or not, have a better awareness of shadow IT and take direct responsibility for the security of their cloud data.

"Poor visibility has a bigger impact on navigation than any single control or capability. After all, you cannot steer around what you cannot see," the report concluded.

"The leading adopters of cloud services understand this axiom and are integrating cloud visibility into their IT operations to accelerate business. Better cloud visibility enables an organisation to adopt transformative cloud applications sooner, respond more quickly to security threats, and reap the cost savings that virtualisation provides."

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

VMware and Nvidia working to enable next-gen hybrid cloud architecture
VMware

VMware and Nvidia working to enable next-gen hybrid cloud architecture

29 Sep 2020
What is Gaia-X? A guide to the EU’s unified cloud ecosystem
public cloud

What is Gaia-X? A guide to the EU’s unified cloud ecosystem

21 Sep 2020
NordLocker encryption heads to the cloud
encryption

NordLocker encryption heads to the cloud

21 Aug 2020
Fivetran is now worth $1.2 billion thanks to new funding
big data

Fivetran is now worth $1.2 billion thanks to new funding

30 Jun 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
How to wipe a laptop easily and securely
Security

How to wipe a laptop easily and securely

5 Oct 2020
iPhone 12 lineup official with A14 Bionic chip and 5G support
Mobile Phones

iPhone 12 lineup official with A14 Bionic chip and 5G support

13 Oct 2020