Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Broadly Shared Files a High Risk for Enterprise Data: Report

Broadly shared files represent a high security risk for organizations, as 1 in 10 contain sensitive corporate data, Blue Coat’s Shadow Data Report for the second half of 2015 reveals.

Broadly shared files represent a high security risk for organizations, as 1 in 10 contain sensitive corporate data, Blue Coat’s Shadow Data Report for the second half of 2015 reveals.

According to the report (PDF), many organizations are not aware of the fact that 26 percent of documents shared in cloud services are broadly shared. Employees are increasingly using cloud apps to share information within the organization and with partners and customers, which creates a threat otherwise known as “Shadow Data”.

Shadow data includes sensitive information uploaded and shared via cloud apps without prior consent from the IT security team. This information puts corporate data at risk, especially when it comes to broadly shared documents, which are accessible to any employee within the organization, as well as to contractors and partners, and which can sometimes be publicly accessible via search engines.

According to Blue Coat, the concept of Shadow Data is different from that of Shadow IT, which involves the use of IT systems and applications, including SaaS apps, without the knowledge or consent of a company’s IT department. According to a recent study from Cisco, large enterprises use on average 1,220 individual public cloud services, 25 times more than IT professionals estimate.

According to Blue Coat’s report, compiled by Elastica’s Cloud Threat Labs team, one in ten broadly shared documents contains sensitive data or information that is subject to compliance regulations. The researchers found that 48 percent of such sensitive data included source code, 33 percent included Personally Identifiable Information (PII), and 14 percent contained Protected Health Information (PHI), while 5 percent included Payment Card Industry (PCI) data.

The study, which analyzed 63 million enterprise documents within leading cloud applications, including Microsoft Office 365, Google Drive, Salesforce, Box and others, found that 23 percent of documents were shared publicly, meaning that anyone with a link could access them.

Researchers also found that PHI dominates the healthcare and pharmaceutical industries, accounting for 52 percent of all sensitive documents. Last month, Verizon’s 2015 Protected Health Information Data Breach Report revealed that 90 percent of industries are affected by patient data breaches, although most organizations are not even aware of that.

Shadow data poses significant financial risks to enterprises, and Elastica estimates a $1.9 million potential financial impact on the average organization from the leakage of sensitive cloud data. The potential impact reaches as high as $12 million when it comes to healthcare organizations, and tops $5.9 million when it comes to the education sector, Blue Coat says.

Advertisement. Scroll to continue reading.

According to the report, 2 percent of cloud users were responsible for all data exfiltration, data destruction, and cloud account takeover attempts detected. The study also revealed that data exfiltration was the most serious threat when shadow data was involved, at 77 percent, with data destruction and account takeover following at 17 percent and 6 percent, respectively.

The most commonly used method for data exfiltration was anomalous frequent sharing, at 41 percent, followed by anomalous frequent emails Sent, at 18 percent. Anomalous frequent previews made it to top three with 3 percent, with Blue Coast suggesting that users might be taking screenshots of sensitive data and share these instead of the actual documents.

When it comes to the most popular cloud business applications, Microsoft Office 365 landed at the top in the second half of 2015, followed by Twitter and YouTube. LinkedIn, Google Apps, Salesforce, AWS, Dropbox, Skype, and Box round up the top 10.

The analysis also revealed that companies now have, on average, 812 cloud applications running, which marks an increase from the 774 applications spotted half a year ago. Microsoft Office 365 was the leading collaboration and sharing app in the six-month period, followed by Google Apps, Dropbox, Box, and Evernote.

To improve their security in the shadow data segment, enterprises should start by identifying risky apps, thus ensuring that employees use only secure cloud apps and services. Additionally, companies can educate employees on the security risks of indiscriminately sharing documents both within the organization and with external stakeholders, and can employ a full-function CASB solution that provides them with visibility into cloud-shared data, to know exactly what needs protected.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

The US arm of networking giant TP-Link has appointed Adam Robertson as Director of Information and Security.

Raj Dodhiawala has been named Chief Product Officer at Eclypsium.

Cyber exposure management firm Armis has promoted Alex Mosher to President.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.