LONDON – 21 September, 2016 – Skyhigh Networks, the leading Cloud Access Security Broker, has today launched a new service that allows customers to quickly and easily assess whether their cloud services comply with the EU General Data Protection Regulation (GDPR). Analysing the critical attributes of more than 20,000 cloud services, Skyhigh found that only 6 percent of cloud services are fully compliant with the EU GDPR. As such, only these services should be considered GDPR-ready without negotiating new terms or implementing additional technologies such as encryption and data loss prevention, which can help businesses more easily achieve EU GDPR compliance.
“The EU GDPR creates huge compliance challenges and understandably dominates many IT conversations and purchasing decisions today,” said Duncan Brown, Research Director at IDC’s European Security Practice. “Not just in Europe either. Businesses worldwide, which invariably do business with or in Europe to some degree, have now also woken up to the fact that they need to deal with the situation. We need technologies that bridge the gap and help firms become compliant more easily. Skyhigh’s new service is a prime example as there will be a surge in demand for any service that can help identify which cloud services are compliant and what businesses need to do to become compliant.”
“Cloud remains essential to all businesses, but the EU GDPR quashes the notion of using cloud services straight out of the box,” said Nigel Hawthorn, Skyhigh Networks’ chief European spokesperson. “Put simply, the standard terms and conditions associated with almost all cloud services are not suitable for companies doing business in Europe and will need to be reviewed, negotiated or rejected outright once the EU GDPR is enforced.”
Other key findings and indicators of risk from Skyhigh’s analysis of more than 20,000 cloud services include:
- Data retention: 84 percent of cloud services do not immediately delete customer data on termination of contract
- IP ownership: 58 percent of cloud services do not provide guarantees regarding IP ownership, with some service providers taking ownership of all IP uploaded to their service and others failing to specify what happens to user IP
- Security incident notification: Only 1% of cloud services provide notification of security incidents in less than 24 hours, making it challenging for the remaining 99% of cloud services to meet the GDPR requirement for data controllers to notify the regulator of security incidents within 72 hours
“When considering EU GDPR, it’s not as simple as ‘compliant or non-compliant’, ‘safe or unsafe’,” continued Hawthorn. “The regulation consists of more than 100 articles and is a complex matter which requires each business to make its own judgement call after evaluating the many variables. For example, if asked whether you would run across a road, you’d first want to know which road, how much traffic, what speed, why, when, how – before answering the question. A stroll across a quiet country road is a vastly different proposition to dodging traffic blindfolded on a multi-lane highway.”
Available now, Skyhigh’s EU GDPR service is free for existing customers, offering a high-level overview and detailed breakdown of a company’s entire cloud ecosystem’s EU GDPR-readiness. It does so by defining and tracking over 20 attributes from Skyhigh’s cloud registry that impact EU GDPR compliance for each customer’s unique user profile (such as data location, security incident notification and data retention on contract termination). Based on these attributes, each report provides an overall EU GDPR readiness score for every cloud service used by the business and the business as a whole.
# # #
Skyhigh Networks, the cloud security and enablement company, allows enterprises to safely adopt cloud services while meeting their security, compliance, and governance requirements. Over 500 enterprises including Aetna, DIRECTV, General Mills, HP, and Western Union use Skyhigh to gain visibility, manage threats, ensure compliance and protect corporate data across shadow and sanctioned cloud services. Headquartered in Campbell, Calif., Skyhigh Networks is backed by Greylock Partners, Sequoia, and other strategic investors.