Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.

Ghost Data Increases Enterprise Business Risk

IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organization's cloud attack surface.

Edge Editors, Dark Reading

September 2, 2022

2 Min Read
30% of data stored in the public cloud is ghost data and 58% is sensitive data.
Source: Cyera

Cloud sprawl is a big issue for organizations, with business teams to spinning up cloud systems and services on their own, often without IT oversight. That leads to cloud data sprawl as data is scattered across different environments. If IT doesn’t know about the cloud systems and services, then IT is also not managing the data being collected, processed, and stored there.

We all know about shadow IT, the systems and network devices in the organization’s environment that IT is not managing. Similarly, shadow data refers to unmanaged data store copies and snapshots or log data not part of IT’s backup and recovery strategy. Researchers at Cyera estimate that 60% of the data security posture issues present in cloud accounts stem from unsecured sensitive data.

Then there is the problem of ghost data.

When data gets deleted from cloud systems, it isn’t fully gone. Copies linger in backups or snapshots of data stores. Ghost data refers to those copies left behind after the original has been deleted, and Cyera’s recent analysis show that enterprises have quite a lot of it.

After scanning the three major cloud providers (Amazon Web Services, Azure, and Google Cloud), Cyera researchers found that over 30% of scanned customer cloud data stores are ghost data and more than 58% contain sensitive, or very sensitive, data. For example, researchers found unsecured database snapshots in non-production environments that contained sensitive customer data where the original database had been destroyed. Researchers also uncovered sensitive personal and authentication data in plain text where the production data and application were no longer in use.

Ghost data usually has no business value – the data was deleted for a reason -- and having it around unnecessarily increases business risk. Attackers don’t care if they get their hands on the original sensitive information or the copy because to them, all data has value, regardless of the form it takes. Organizations still are on the hook if the attackers get their hands on ghost data. The data security provisions of industry-specific regulations like HIPAA, PCI DSS, and the Sarbanes-Oxley Act still apply.

Organizations need to reduce cloud data exposure to reduce data sprawl. Proper data hygiene across clouds will also help clean up data when it is no longer in use.

On a final note, ghost data can increase the organization’s cloud costs: Researchers found over $50,000 in excess data store snapshots being retained in a cloud environment.

About the Author(s)

Edge Editors

Dark Reading

The Edge is Dark Reading's home for features, threat data and in-depth perspectives on cybersecurity.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights