Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

9/21/2020
05:35 PM
50%
50%

Remote Work Exacerbating Data Sprawl

More than three-quarters of IT executives worry that data sprawl puts their data at risk, especially with employees working from insecure home networks, survey finds.

IT executives increasingly worry about the extent to employees have saved their company's data in unprotected devices or sent sensitive information through insecure services, according to a survey released by data-governance firm Egnyte last week.

The survey, conducted in August, found that more than three-quarters of CIOs had concerns about content sprawl, with 38% very concerned about the issue. While the degree of data sprawl often depends on the department, the rapid move to remote work because of the coronavirus pandemic has become the No. 1 reason cited by CIOs for data replicating to insecure environments.

Related Content:

Is Your Organization Suffering from Security Tool Sprawl?

The Threat from the Internet—and What Your Organization Can Do About It

New on The Edge: A Hacker's Playlist

Employees may copy data to their home systems, even if those systems are not maintained or visible to the company, says Kris Lahiri, chief technology officer of Egnyte.

"In a lot of cases, the worker has problems getting stuff done, so they take an easier solution, whether it was insecurely sending something over email or a personal device," he says. "People needs to realize that basic digital hygiene is important to visit."

Then survey underscores that the skyrocketing growth in data stored and used by companies has made it harder to keep important and sensitive information secure, while at the same time, allowing access to the information to authorized users.  

Nearly half of the survey respondents, for example, believe that employees had access to information they should not be able to access, while 40% of CIOs encountered employees who could not access data that they should be able to access.

"We do find lots of duplicate repositories," Lahiri says. "Take for example, a CRM [customer relationship management] solution and — even if someone has picked Salesforce as their main solution — the data finds its way into all sorts of places."

The coronavirus pandemic has forced companies to embrace remote workers, with more than three-quarters of companies having most of their employees work outside of the office, according to a June survey by consultancy PwC. Even after pandemic conditions have subsided, almost 90% of companies expect many — 30% or more — of employees to work out of the office at least some of the time.

While employees overwhelmingly support remote work, collaborating with other team members is the No. 1 reason some miss the office, and difficulty in collaborating the No. 2 reason employees felt unproductive at home, the PwC survey found.

"Provide everyone with the collaboration tools and access to data they need to work remotely effectively," the company recommended. "This may include small stipends to pay for home office equipment or high-speed Internet. Be sure to assess and close the security and control gaps in your remote work setup."

Many IT executives worry that their employees are not following the policies for keeping data secure. About a third of respondents to the Egnyte survey, for example, would give their worker a grade of C or lower for their ability to keep data secure.

Among the top issues for companies are employees use of personal devices for work. While more than third of employees are using personal devices to access company files, two-thirds of companies do not have policies for password requirements on personal devices, restrictions on using personal devices for work, or mandates that persona devices are not left unattended.

Companies should determine their most valuable data, determine the risks to those assets, and give authorized users a frictionless way to access the information to do their work, says Lahiri. 

"Companies should focus on reducing their content sprawl," he says. "Pick the top, most valuable few categories of data and repositories, and make those easy to collaborate on and share. By doing so, you are making it less likely that users circumvent your policies."

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns
Kelly Jackson Higgins, Executive Editor at Dark Reading,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-24847
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
CVE-2020-24848
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
CVE-2020-5990
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
CVE-2020-25483
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
CVE-2020-5977
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.