Even if one were to ignore the EU data residency requirements, only nine per cent of the cloud services in use provide enterprise-grade security capabilities, while the remaining 91 per cent pose medium to high security risks to organisations.From a data privacy and data residency perspective, only one per cent of the cloud services in use both offer enterprise-grade security capabilities and store data in Europe’s jurisdictional boundaries. The remaining 99 per cent either store data in countries where data privacy laws are less stringent or don’t have enterprise-grade security capabilities, or both. Much of the cloud adoption within European organisations occurs under the radar of the CIO or CISO – leading to a situation where shadow IT is widespread and uncontrolled. The ease with which cloud applications can now be consumed by employees means that there is often little consideration for the security implications or impact on wider business policies. When CIOs examine the use of cloud services across the organisation, they generally find shadow IT is ten times more prevalent than they initially assumed. Key findings from the report include:
- Only five per cent of cloud services in Europe are ISO 27001 certified, posing compliance issues for those organisations unaware that their employees are using uncertified services;
- 25 of the top 30 cloud services in the collaboration, content sharing, and file sharing categories were based in countries (United States, Russia, China) where the privacy laws are far less stringent compared to Europe;
- 49 different services in use are tracking the browsing behaviour of employees on the internet. This exposes organsiations to the increasingly prevalent watering hole attack.
Share this story