Exposing the shadow data threat

Blue Coat conducted an analysis using the Elastica CloudSOC platform provided insights into 63 million enterprise documents within leading cloud applications, including Microsoft Office 365, Google Drive, Salesforce, Box and others.

Among the most salient findings was that organizations are not aware that 26 percent of documents stored in cloud apps are broadly shared, meaning that any employee can access them, that they are shared externally with contractors and partners, and in some cases publicly accessible and discoverable through Google search.

Equally alarming are findings showing that 1 out of 10 documents shared broadly contain data that is sensitive and/or subject to compliance regulations, such as source code (48 percent), Personally Identifiable Information (PII) (33 percent), Protected Health Information (PHI) (14 percent), and Payment Card Industry (PCI) data (5 percent).

Shadow data driving financial risks

The level of financial risk shadow data is creating among organizations is significant. For the second half of 2015, Elastica calculated that the potential financial impact on the average organization from the leakage of its sensitive cloud data was $1.9 million.

Healthcare organizations face an even greater risk with a potential impact reaching as high as $12 million. The education sector also ranked high for financial risk at $5.9 million.

Cloud app usage up From 774 to 812 per organization

Elastica analyzed the most popular cloud business applications and found that Microsoft Office 365 was the most widely used, knocking Twitter out of the top spot from earlier this year. The analysis showed that companies currently have, on average, 812 cloud applications running, up from 774 when last reported in June; a 5 percent increase.

The top 10 apps in use within enterprises today are: Office 365, Twitter, YouTube, LinkedIn, Google Apps, Salesforce, AWS, Dropbox, Skype, Box.

Multiple, varied threats targeting cloud data

Analysis revealed that there were three primary threats facing organizations using sanctioned and unsanctioned cloud apps: 1) data exfiltration (Theft), 2) data destruction, and 3) account takeover. To no one’s surprise, exfiltration was the most frequent threat at 77 percent; what’s interesting to note are the methods by which exfiltration is taking place: anomalous frequent emails Sent (18 percent), anomalous frequent sharing (41 percent), anomalous frequent downloads (15 percent), and anomalous frequent previews (3 percent). The latter may suggest users are taking screenshots of sensitive data.

“We’ve reached a point in the security lifecycle where shadow IT should no longer be the primary focus. By now, organizations should have a grip on cloud applications available and have enforceable policies in place with the ability to control which are in use,” said Rehan Jalil of Blue Coat Systems and Elastica founder. “It’s time to start focusing on the real problems, which are the need to know what types of information employees are sharing, who is able to access data and how to stop high-risk exposures that lead to data breaches.”




Share this