Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/8/2015
05:00 PM
Connect Directly
Twitter
RSS
E-Mail
100%
0%

Quantifying Shadow Data In The Cloud

Report shows how much data users really are exposing on SaaS services.
Previous
1 of 8
Next

Cloud application security company Elastica today released a report with data collected from its insight into enterprises using its CloudSOC platform to offer insights into how users today are sharing data on the cloud.

The report was based on anonymized and aggregated data and offered insight into the types of data put on the cloud, how much risky shadow data is entrusted to SaaS application and analysis of the potential economic impact if these files are left unprotected and the organization suffers a breach.

According to the report, Elastica found millions of files exposed on the cloud to either compliance violations, intellectual property leaks, or other kinds of risk. When examining across organizations and compared with breach cost estimates, Elastica estimated that the average total economic impact of cloud exposures per business would equal $13.85 million.

Image Source: Pixabay.com

 

 

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio
 

Recommended Reading:

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
chriscmw
50%
50%
chriscmw,
User Rank: Apprentice
6/8/2015 | 9:31:17 PM
Interesting data...
Thanks for collecting this data. It is very interesting to see what type of data and which sectors are the most vulnerable on the cloud. What I take away from this is that public, consumer grade cloud providers tend to be the least secure. I suppose that's hardly a surprise given that most enterprises using the cloud shy away from those sorts of providers. These security issues seem to be right up there with developing enterprise grade cloud tools for those cloud providers trying to move away from consumers to the enterprise market. It'll be interesting to see how the market responds.
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-16123
PUBLISHED: 2020-12-04
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by...
CVE-2018-21270
PUBLISHED: 2020-12-03
Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x).
CVE-2020-26248
PUBLISHED: 2020-12-03
In the PrestaShop module "productcomments" before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module.
CVE-2020-29529
PUBLISHED: 2020-12-03
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks.
CVE-2020-29534
PUBLISHED: 2020-12-03
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94.