As Enterprises Opt for More Cloud, 64% in New Survey Say GDPR Doesn’t Apply to Them

More enterprises are storing data in the cloud, yet doing little to advance the security of those efforts and comply with stringent GDPR regulations.

That’s according to the inaugural Enterprise Cloud & Data Security Report compiled by vendors FileCloud and Spiceworks.

And organizations’ “remarkably passive” attitude, as FileCloud put it, toward cloud and compliance places them in danger of fines or breaches that could cost millions of dollars, and more.

The situation underscores that channel partners need to act as experts, helping customers get their acts together before catastrophe strikes.

Key Findings — and the Problems They Highlight

Source: FileCloud, Spiceworks

More enterprises are moving away from public cloud and adopting multicloud models (a combination of private, public and hybrid cloud infrastructure and services). The shift shows that organizations do not fully trust any cloud configuration.

To that point, just more than half – 58% – rely on public cloud, while the remaining 42% use the private cloud. There’s usually a hybrid model involved to allow access to either hosting method. Meanwhile, some companies don’t use cloud at all; 30% choose to self-host, FileCloud found.

This pervasive distrust of cloud technology often leads businesses to separate their data and files. Only the most innocuous records will go into the public cloud, while the critical information resides in the private cloud or on company servers, according to FileCloud.

But fragmenting content opens businesses to data leaks, hacks and noncompliance, as the vendor pointed out. Enterprise data management, especially in multicloud settings, “needs to have strong security, audit and governance frameworks,” the authors wrote.

Part of the problem, though, is that an overwhelming majority of respondents – 64% – think GDPR does not apply to their organizations.

That may qualify as the most frightening finding in the FileCloud report, and partners will want to take note.

Security vendor Fortinet offers some quick and simple guidelines for understanding whether an organization must meet GDPR requirements, and this becomes more prescient as enterprises store data in the cloud. Partners can use the resource as a starting point for helping clients determine their responsibilities toward the law. Does the business:

• Possess any personally identifiable information?
• Operate in the European Union?
• Offer goods and/or services in the European Union?
• Monitor the behavior of European Union residents?

If any of the answers are in the affirmative, the business needs to speed up its GDPR compliance efforts. Yet that points to another issue: Such activity remains in flux. Even though GDPR went into full effect on May 25, 2018, 38% of U.S. companies surveyed by FileCloud say they do not know when their organizations will reach complete compliance. Another 25% said they expect to be compliant any time, while the another 25% said compliance will happen by the end of this year.

At the same time, these organizations are storing more and more data in the cloud. More than three-quarters – 75% – have public cloud file sharing and storage. Just more than 70 percent (72%) keep business applications and databases in the public cloud. The same percentage host backup, archiving and recovery in the public cloud as well.

FileCloud suggests that the dueling priorities of laissez-fair GDPR compliance and growing cloud usage comes down to lack of funding and support from upper management.

“The best way for management to demonstrate support for data privacy initiatives is to …