Three quarters (75 percent) of cloud apps are not GDPR-ready as they lack key capabilities to ensure compliance. More than a tenth (11 percent) of enterprises have sanctioned apps laced with malware, indicating that cloud apps are a growing and vulnerable threat vector for businesses.

New research by Netskope analysed over 22,000 cloud apps during Q1 2016 and discovered that many have a significant amount of catching up to do before the GDPR is fully implemented in less than two years. Failure to comply with the GDPR data privacy mandate will result in severe penalties on enterprises: £15.3 million or up to four percent of annual worldwide revenue, whichever is greater.

Factors such as data retention, privacy and protection were used to score apps on a scale of 1-100 with a higher score indicating GDPR compliance readiness. Of the thousands of apps analysed in the report, 27.8 percent scored low, 47.6 percent scored medium and 24.6 percent scored high.

Cloud storage apps dominate cloud DLP violations (73.6 percent) followed by web mail (22.1 percent). Downloads account for more than 50 percent of DLP violations followed by upload and send.

Of the average 935 cloud apps in use per enterprise, a vast majority (94.6 percent) are not enterprise-ready and lack key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability, and vulnerability remediation. Financial services have the highest number of cloud apps in use (average of 1,046 per business), followed by manufacturing (1,021 per business).  

“The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR. With the deadline for compliance looming, complete visibility into and realtime control over app usage and activity in a centralised, consistent way that works across all apps is paramount for organisations to understand how they use and protect their customers' personal data,” said Sanjay Beri, CEO and founder of Netskope.