1 in 10 broadly shared files in cloud apps expose sensitive and regulated data

Damien Manuel

  • CISO – Australia & New Zealand, Blue Coat
Damien Manuel is Chief Information Security Officer (CISO) for Blue Coat, now part of Symantec, in Australia & New Zealand. With more than 20 years of business, governance and ICT experience in security, Manuel leads Blue Coat’s team of consultants in the region, carrying on the company’s legacy of delivering the best possible protection against advanced adversaries. He works with senior IT executives from Blue Coat’s customers to help ensure they align their security architectures to industry best practices. Before his appointment as Blue Coat’s CISO, Manuel worked as a senior information security governance manager and later as an enterprise IT and Security risk manager at National Australia Bank (NAB) and was responsible for managing the bank’s Information Security Standard globally. Prior to NAB, Manuel was an account director at RSA, where he was responsible for enterprise accounts with a major emphasis on financial services and telecommunications. He also held senior roles at Telstra and Melbourne IT. He is currently on CompTIA’s executive advisory committee and is the national branch director for the Australian Information Security Association (AISA). Manuel holds an MBA from the University of Melbourne; a Project Management Diploma from the University of New England; a Post Graduate degree in Genetics Engineering from Monash University; and a Bachelor degree in Education majoring in Chemistry & Biology from the University of Melbourne.

Let this sink in for a moment: 1-in-10 sensitive, business-critical and compliance-related documents that your employees are currently sharing via cloud services are at high risk of loss or theft due to overexposure.

That’s data such as Personally Identifiable Information (PII), Payment Card Information (PCI), Protected Health Information (PHI), as well as source code for software applications.

The leakage of these documents could have devastating economic impact on an organization as well as serious repercussions with compliance regulators.

Blue Coat has just released its Q4 2015 Shadow Data Report from its Elastica Cloud Threat Labs. Analysis conducted using the Elastica CloudSOC platform provided insights into 63 million enterprise documents within leading cloud applications, including Microsoft Office 365, Google Drive, Salesforce, Box and others.

The level of financial risk shadow data is creating among organisations is significant. For the second half of 2015, the Elastica Cloud Threat Lab calculated that the potential financial impact on the average organisation from the leakage of its sensitive cloud data was $1.9 million (USD). Healthcare organisations face an even greater risk with a potential impact reaching as high as $12 million. The education sector also ranked high for financial risk at $5.9 million.

Most IT experts are aware of the security challenges posed by “Shadow IT” — the use of IT systems and applications without the knowledge or explicit consent of an organisation’s IT department.

Once an organisation decides to embrace particular apps, so-called “sanctioned apps,” there is a critical need to understand Shadow Data. Shadow Data refers to all the sensitive content that users are uploading, storing and sharing via cloud apps, even in sanctioned cloud apps, often without the oversight and knowledge of IT or security personnel. In other words, just because your organisation has selected a robust file sharing app, like Box or Office 365, it does not mean you are out of the woods in terms of data governance or compliance liability.

Analysis revealed three primary threats facing organisations using sanctioned and unsanctioned cloud apps: data exfiltration (theft), data destruction, and account takeover. To no one’s surprise, exfiltration was the most frequent threat at 77 per cent. What’s interesting to note are the methods by which exfiltration is taking place: anomalous frequent emails sent, anomalous frequent sharing, anomalous frequent downloads, and anomalous frequent previews. The last of these may suggest users are taking screenshots of sensitive data.

Among the most salient findings was that organisations are not aware that 26 per cent of documents stored in cloud apps are broadly shared, meaning that any employee can access them; that they are shared externally with contractors and partners; and, in some cases, that they are publicly accessible and discoverable through Google search.

The threat of shadow data is on the rise as employees use cloud apps to share information within their organisations, among partners, and with customers.

Cloud app usage is up from 774 to 812 per organisation. The Elastica Cloud Threat Lab analysed the most popular cloud business applications and found that Microsoft Office 365 was the most widely used, knocking Twitter out of the top spot from earlier this year. The top 10 apps in use within enterprises today are:

1) Office 365
2) Twitter
3) YouTube
4) LinkedIn
5) Google Apps
6) Salesforce
7) AWS
8) Dropbox
9) Skype
10) Box

We’ve reached a point in the security lifecycle where Shadow IT should no longer be the sole focus. In addition to getting a grip on cloud application usage, it’s time to add knowledge of what information employees are sharing within those apps, in order to stop high-risk exposures that lead to data breaches and regulatory violations.
