Cloud security

How to stay in front of the GDPR

Cloud security: how to stay in front of the GDPR

Slack, Basecamp, O365 – every business has applications running in the cloud. But how secure are they, really? With the GDPR looming, it’s time to take back control of your information. And quickly. Guide your IT-department through our three-lap race to compile a complete overview of app usage, set some basic rules and oversee the flow of information.

New technologies demand new rules

Your colleagues are online all the time. 24/7 connectivity offers opportunities for your organization, but it can also become quite dangerous. Without proper supervision, employees will start using apps of all kinds. Meanwhile, you have no clue which apps are being used and how secure they are. A recipe for disaster – especially with the GDPR in mind.

Consider this scenario: one of your employees uploads a file with personal data to their personal cloud storage. Remember, your company is liable for that information if it’s misused. A minor mistake, sure, but what happens when a disgruntled employee starts uploading highly confidential information to his or her personal account?

Right, better get started.


Lap 1: assess your apps

First thing? You want an overview of all the apps that are connected to your network. This type of assessment is both fast and affordable. The resulting report gives you a comprehensive list of all used apps, with a risk score – overall and per app.

The risk score indicates the strong and weak points of each app’s security. For instance, if a popular app doesn’t have multifactor authentication – while your security policy states that it must – the assessment offers a clear choice: banish the app from your network or keep the app and live with the consequences.

Pro tip: check whether the paying version of the app has better security features – if so, it is worth the investment almost 100% of the time. Why? Because the paid version offers an advantage for your organization: monitoring app usage. And that’s important for the second part of the race.

Lap 2: set the stage

Collected all information? Time to make some tough decisions and set the ground rules. Often the most basic rule is that the IT department gets a popup when a document containing personal information has been shared. The popup is not just a reminder, it signals that the action has been logged. In other words, the rules can detect if someone is breaking your company policy. Say that you have a strict policy that forbids sharing sensitive information (e.g. a bank account number); thanks to the rules, the IT department now has the tools to sanction appropriately.

Lap 3: control the information grid

Your system all set up? Start monitoring the traffic from your network to the cloud. Your employees will keep finding new apps that they find convenient or interesting. It is your task to track the use of these apps and take action when they pose a security threat. With this simple solution, you can both protect your network and boost employee productivity.

Need a cloud coach?

Not entirely sure how to start this process? Our solution advisors will gladly help you out. Just fill in the form and we will be in touch as soon as possible!

Contact Us

Comment on this article

Leave a comment to let us know what you think about this topic!

Leave a comment


Blog Editorial Team

Trend Scouts

IT Trends and industry-relevant novelties

Related Articles

  • 21 October 2020
  • Bala Sethunathan
  • Managed Security
  • Data Backup

Protect Enterprise Mobile Devices

Despite their size, mobile devices pose a huge threat to enterprises. Here are a few threats to start protecting against today.


Paving the Way to Innovation

SoftwareONE’s global team of cloud experts is here to advise, support, optimize and manage your cloud migration journey at every single stage.

  • 14 October 2020
  • Bala Sethunathan
  • Managed Security, Cybersecurity
  • Data Security, Data Loss, Data Backup, Data Protection

Security is Not Privacy: Ways to Keep Personal Data Secure

Organizations must know the difference between data security and privacy, the ways your data could be compromised, and how to keep it secure.