GDPR Compliance and Fines May Affect Almost 80% of Organizations SurveyedNovember 9, 2017
HyTrust, Inc., a leader in workload security solutions, announced findings from its latest cloud adoption survey conducted at VMworld 2017. The survey of 323 respondents assessed deployment decisions for cloud infrastructure, containers and workload security along with risk and compliance from cloud deployments. The most significant result was the large number of companies that are not prepared for General Data Protection Regulation (GDPR) compliance that takes effect in May 2018.
The European Union (EU) regulation for data privacy not only applies to organizations located within the EU, but it will also apply to organizations located outside of EU member nations if they process and hold the personal data of residents within the European Union, regardless of the company’s location.
Key findings regarding GDPR:
- Only 21% of organizations are concerned about GDPR and have a plan in place.
- Over half (52%) of the respondents say that their organization is either not concerned about GDPR or are unaware of its relevance for their business.
- Over one quarter (27%) of respondents are concerned about GDPR, yet have no plan in place.
"If you think GDPR doesn’t apply to your organization, think again," said Eric Chiu, founder and president, HyTrust. "The survey results were surprising, many organizations are unprepared or have not perhaps taken the time to assess the impact GDPR requirements may place on their cloud infrastructure. Most organizations today are very aware of their security risks but are not as far along with technology and processes to meet the GDPR compliance requirements, despite a May 2018 deadline that has significant fines for failure to comply."
GDPR non-compliance can lead to fines of up to 4% of annual revenue or 20 million Euros. Despite this, many organizations are unprepared. According to Gartner, on May 25, 2018, less than 50% of all organizations impacted will be fully compliant with GDPR.
Cloud Platforms and Containers Survey Results
In addition to survey results regarding GDPR, HyTrust’s 2017 survey also revealed findings on cloud platform deployments, risks, and containers:
Private/Public Cloud Workload Risks
- The top risk for on-premises/private cloud infrastructure was "uncontrolled or unmonitored access by admins" (32%).
- The top public cloud infrastructure risk was "malicious or accidental exposure of workload data" (30%).
- Containers remain an area of active exploration with limited production deployments, which provides time for security professionals to architect and deploy security policy across multi-vendor, multi-cloud infrastructure. Only 12% of those surveyed described their container deployment as "production" while 75% are doing nothing or just beginning to evaluate.
Cloud Platform Deployments
- Although the use of hybrid cloud infrastructures is getting more popular, 22% are not using public clouds at all.
- Just under half (44%) have no hybrid cloud deployment and only 28% have a single vendor hybrid cloud deployment
- Only 10% of organizations are not using encryption in public cloud, down from 28% last year.
The survey included respondents from key industries including: government/military, financial/ insurance, healthcare/biotech, manufacturing, transportation/shipping and technology.