Let this sink in for a moment: 1-in-10 sensitive, business-critical and compliance-related documents that your employees are currently sharing via cloud services are at high risk of loss or theft due to overexposure.
That’s data such as Personally Identifiable Information (PII), Payment Card Information (PCI), Protected Health Information (PHI), as well as source code for software applications.
The leakage of these documents could have a devastating economic impact on an organisation, as well as serious repercussions with compliance regulators.
Blue Coat has just released its Q4 2015 Shadow Data Report from its Elastica Cloud Threat Labs. Analysis conducted using the Elastica CloudSOC platform provided insights into 63 million enterprise documents within leading cloud applications, including Microsoft Office 365, Google Drive, Salesforce, Box and others.
Shadow data is creating a significant level of financial risk for organisations. For the second half of 2015, the Elastica Cloud Threat Labs calculated that the potential financial impact on the average organisation from the leakage of its sensitive cloud data was $1.9 million (USD). Healthcare organisations face an even greater risk, with a potential impact reaching as high as $12 million. The education sector also ranked high for financial risk at $5.9 million.
Most IT experts are aware of the security challenges posed by “Shadow IT” — the use of IT systems and applications without the knowledge or explicit consent of an organisation’s IT department.
Once an organisation decides to embrace particular apps, so-called “sanctioned apps”, there is a critical need to understand Shadow Data. Shadow Data refers to all the sensitive content that users are uploading, storing and sharing via cloud apps, even sanctioned ones, often without the oversight and knowledge of IT or security personnel. In other words, just because your organisation has selected a robust file sharing app, like Box or Office 365, it does not mean you are out of the woods in terms of data governance or compliance liability.
Analysis revealed that there were three primary threats facing organisations using sanctioned and unsanctioned cloud apps: data exfiltration (theft), data destruction, and account takeover. To no one’s surprise, exfiltration was the most frequent threat at 77 per cent; what’s interesting to note are the methods by which exfiltration is taking place: anomalous frequent emails sent, anomalous frequent sharing, anomalous frequent downloads, and anomalous frequent previews. The latter may suggest users are taking screenshots of sensitive data.
Among the most salient findings was that organisations are not aware that 26 per cent of documents stored in cloud apps are broadly shared, meaning that any employee can access them, that they are shared externally with contractors and partners, or, in some cases, that they are publicly accessible and discoverable through Google search.
The threat of shadow data is on the rise as employees use cloud apps to share information within their organisations, among partners, and with customers.
Cloud app usage is up from 774 to 812 per organisation. The Elastica Cloud Threat Labs analysed the most popular cloud business applications and found that Microsoft Office 365 was the most widely used, knocking Twitter out of the top spot from earlier this year. The top 10 apps in use within enterprises today are:
1) Office 365
2) Twitter
3) YouTube
4) LinkedIn
5) Google Apps
6) Salesforce
7) AWS
8) Dropbox
9) Skype
10) Box
We’ve reached a point in the security lifecycle where Shadow IT should no longer be the sole focus. In addition to getting a grip on cloud application usage, it’s time to add knowledge of what information employees are sharing within those apps, in order to stop the high-risk exposures that lead to data breaches and regulatory violations.