Netskope equips organisations for EU GDPR compliance

Company also provides complimentary GDPR readiness kit with white paper, compliance checklist, webinar, and in-person seminar workshops.

  • 8 years ago Posted in
Netskope has announced the availability of two services designed to help organisations comply with the upcoming European Union General Data Protection Regulation (GDPR): the Netskope Cloud Risk Assessment for the EU GDPR and the Netskope Cloud Compliance and Remediation Service for the EU GDPR.

 

The Netskope Cloud Risk Assessment for the EU GDPR will provide a one-time overview of all of the cloud apps in use across an organisation’s network, assess the enterprise-readiness and likely compliance of those apps with the pending regulation, offer specialised reports that map to the regulation’s key principles, and provide policy recommendations to mitigate risk and bring the organisation’s cloud usage into compliance with the current draft of the regulation.

 

The Netskope Cloud Compliance and Remediation Service for the EU GDPR will help organisations build a compliance programme and implement security policies and workflows for their enterprise information security teams to manage ongoing compliance with the regulation. The service is customised for each organisation based on their existing workflows and technologies, with special consideration for the GDPR compliance requirements relating to cloud services.

 

In addition to these new services, Netskope today also announced a GDPR Readiness Kit, a collection of complimentary resources designed to help organisations achieve GDPR compliance. Those resources include an in-depth white paper detailing the pending legislation and organisations’ responsibilities related to cloud app usage, a summary compliance checklist, a best practices webinar, and a series of local, in-person seminar workshops.

 

Set to be finalised in 2016 and enforced from 2017/18, the GDPR will require organisations to take measures to ensure the security and proper use of individuals’ personal data. The legislation covers data stored or “processed” by any service – including cloud apps – and includes unstructured content containing personally identifiable information (PII).

 

One of the most significant compliance challenges that organisations face under the GDPR is that many personal data are processed in an unstructured way – for example by employees using hundreds of cloud-based file-sharing, productivity, collaboration, customer relationship management, human resources, and finance and accounting apps. Under the GDPR, it is always the organisation’s legal responsibility to protect such data, structured or unstructured, from loss, alteration or unauthorised processing. This applies even if workers use cloud services which are not pre-approved or controlled by the organisation – so-called “shadow IT.”

 

One type of measure that companies can take to move towards GDPR compliance is to gain control of interactions with the cloud. This is achieved by:

 

?      Discovering and monitoring all cloud applications in use by employees;

?      Knowing which personal data are processed by employees in the cloud;

?      Securing data by enforcing policies that ensure that unmanaged cloud services are not being used to store and process personal information;

?      Coaching users to adopt the services sanctioned by the IT department; and

?      Using a cloud access security broker to assess the enterprise-readiness and adherence to the principles of GDPR of all cloud services and ensure that all data are protected when en route to or from, or at rest in, the cloud.

 

“In the day and age of cloud, BYOD and SaaS, there’s arguably no bigger challenge than monitoring, tracking and controlling data within an organisation”, said Adrian Sanabria, analyst with 451 Research. “GDPR is concerned with whether or not personal data belonging to EU citizens are misused and has some serious penalties and sanctions built into it. A breach of this sort of data will invoke this regulation regardless of whether the entire company was aware of personal EU data being stored, or only a single employee; whether the company is EU-based or not. Either way, the damage is done and GDPR applies. Understanding what data exist and how they are being stored and handled is the new baseline for this and other new data regulations."

 

“The GDPR is a complex and wide-ranging piece of legislation that greatly increases organisations’ responsibilities for data protection,” said Sanjay Beri, CEO, Netskope. “It is obvious from the requirements on unstructured data alone that cloud app usage is a major threat to companies subject to the regulation. With very significant fines of up to 5% of a company’s global turnover, organisations that fail to comply with the GDPR risk a disastrous impact on their reputation and bottom line.

 

“All organisations should be making preparations to comply now, and paying extremely close attention to how they use and protect their customers’ personal data. It might seem a daunting challenge, but the sooner companies start making preparations, the more time they will have to demonstrate compliance. Our new services are designed to help them achieve that, and avoid a hugely damaging incident in the process.”

GPUaaS provides customers on-demand access to powerful accelerated resources for AI, machine...
TMF Group, a leading provider of critical administrative services for global businesses, turned to...
Strengthening its cloud credentials as part of its mission to champion the broader UK tech sector...
Nearly all UK IT managers surveyed (98%) state cloud investment is an organisational priority for...
LetsGetChecked is a global healthcare solutions company that provides the tools to manage health...
Node4 to the rescue.
Commvault provides cloud-first organisations with greater choice and flexibility to protect and...
On the morning of September 20, Executive Director of the Board of Huawei and CEO of Huawei Cloud...