20% Of 'Broadly Shared' Data Contains Regulated Info20% Of 'Broadly Shared' Data Contains Regulated Info
Forget "shadow IT." The new problem is "shadow data."
October 23, 2014
You're already worried about "shadow IT" -- the applications, mobile devices, and cloud services your users are using without your OK -- but what about "shadow data"? Even if your users are only using the file-sharing technology you gave them, you're not necessarily protected from over-sharers -- the people who share data (even sensitive data) with the entire organization, external parties, or the general public.
Twenty percent of such "broadly shared files" contain regulated data, according to research released today by Elastica. Of that data, 56% was personally identifiable information, 29% was personal health information, and 15% was PCI-protected credit card data.
That all adds up. On average, each user has over 2,000 files stored on the cloud, and 185 of those (about 9%) are "broadly shared," according to the research. Yet averages, in this case, are misleading -- which is good news.
"Most [data sharing] violations," says Elastica CEO Rehan Jalil, "are casually coming from a small group of users." In fact, 85% of the total risk exposures are attributable to only 5% of users. Identify and rope in those users, and most of the problem is treated. (The research cannot tell us whether or not those 5% share any common characteristics, from company to company, because the data was anonymized before it was analyzed.)
"The most surprising thing [about the research] was that, even for IT-blessed file-sharing applications, users' behavior is very casual at this point," says Jalil. "They share [files] however they want."
Some of the ways in which files are over-exposed include shared folders that are accessible to employees who don't need access to the data, folders in the cloud that continue to be accessible to users who have left the company, direct links to files emailed to people inside and outside the company, or unchanged default settings that make files public.
Jalil says that protecting against shadow data in the cloud requires IT security professionals to adopt "a completely new mindset, because on the surface, it looks like a managed service," but in truth, it isn't managed very well.
Read the full report, in the form of an infographic, here.
About the Author(s)
You May Also Like
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks