GDPR a risk to your organization

Security concerns are twice as likely to drive cloud strategy than even the business’ core objectives, according to Calligo, a world-leading cloud solution provider. Even regulatory compliance and data privacy – the strategic themes of doing business in 2018 – receive a similarly low ranking.

Whereas security is the chief driver behind cloud strategy for 34% of 200 UK IT decision-maker respondents, the business’ core objectives, compliance and data privacy are each only the top consideration for 17%. This is despite the imminent implementation date of the European General Data Protection Regulation (GDPR) – May 25th 2018.

“Driven by media-fueled fears of severe fines and reputational damage, IT leaders have over-compensated in their cloud strategies and become almost myopically focused on security,” said Julian Box, CEO, Calligo. “This is to the enormous detriment of more strategic aims such as supporting the business’ objectives, and vital compliance with the GDPR’s data privacy requirements.”

“The great irony is that while these organisations fear and mitigate the consequences of a security breach, the consequences of regulatory non-compliance are identical – and yet they are not being defended against,” Box continued. “This probably stems from a mistaken belief within the IT industry that their role in GDPR adherence is centered on data security, leading organisations into compliance complacency and all kinds of non-compliant behavior. They are effectively erecting walls around data they are not entitled to hold.”

Calligo also found that security considerations are similarly influential in cloud provider selection. Regardless of the platform chosen, security was either the first or second most important consideration. For example, more than half (52%) of those who had chosen IBM Softlayer said they had done so primarily because of security, while 48% said the same for both Microsoft Azure and Google Cloud.

However, respondents also admitted their over-compensation for security has been detrimental to the business. More than four in ten (44%) said cost efficiencies were knowingly sacrificed in their cloud strategy, while 43% consciously compromised their ability to comply with regulatory requirements. Another 41% of cloud platform selections undermined data privacy.

Even worse, having committed their organisations to poorly-conceived cloud strategies, respondents said they feel trapped and unable to fix the problem. Some 39% said cost is a barrier to migrating to a new provider, while the fear of downtime is a major factor for 34%.

“The takeaway from these cloud strategy findings is not that security’s importance needs to be reduced – rather that the importance of data privacy and business objectives needs to be elevated,” added Box. “Organisations in this predicament need to seek out cloud service providers with the necessary experience to put their cloud strategy back on track. In particular, they need to ensure their cloud deployment meets the strategic necessities of doing business in 2018 – regulatory compliance and data privacy.”