Security Experts:

Shadow IT Growth Introducing Huge Compliance Risks: Report

Organizations Not Working to Defend Shadow IT Are in Danger of Data Loss and Regulatory Violations

Shadow IT continues to grow, while senior management remains in denial. The average enterprise now uses 1,232 cloud apps (up 33% from the second half of last year), while CIOs still believe their organizations use between just 30 and 40 cloud apps and services. Within this cloud, 20% of all stored data is at risk from being 'broadly shared'.

The figures come from 1H 2017 Shadow Data Report (PDF), based on aggregated and anonymized data from 22,000 cloud apps and services, 465 million documents, and 2.3 billion emails used by Symantec's CloudSOC (CASB) customers.

CloudSOC was acquired by Symantec when it bought Blue Coat Systems for $4.65 billion in June 2016. Symantec defines 'broadly shared' as "documents that are widely shared with employees within the organization, documents that have been shared externally with specific individuals such as contractors and partners, and documents shared to the public." Put briefly, they have a high risk of exposure.

Of that 20% of broadly shared data, 2% specifically contain compliance-related data such as personally identifiable information (PII), payment card industry information (PCI) and protected health information (PHI). This means that CloudSOC customers over-shared 93 million documents. Of these, 2% (1.86 million) contained PCI; 19% (17.67 million) contained PII; and 79% (73.47 million) contained PHI; all of which potentially put the organization in breach of a range of regulatory requirements.

The figures are even worse for emails. Twenty-nine percent of the 2.3 billion emails analyzed are broadly shared and at risk of leakage. Nine percent of these contain compliance-related data: 64% contain PII, 9% contain PHI, and 27% contain PCI. To put these figures in context, Symantec found 207 million at risk emails. Within these, it found 132.48 million emails containing PII data.

Cloud apps are a popular target for hackers, and Symantec's research evaluated the incidence of users' high risk actions in the cloud. The biggest threat is the loss of data, and the researchers found that 71% of the detected high risk behaviors indicated attempts to exfiltrate data. Seventeen percent indicated attempted brute force attacks; 6% indicated attempts to destroy data; and 6% indicated attempts to hack into user cloud accounts.

The researchers mapped the high risk behaviors to the users' organizations. It found that an astonishing 14% of companies have 50% or more of their employees demonstrating high risk behavior within the cloud apps and services. On the plus side, 53% of their customers have zero high risk employees -- indicating that some organizations are doing a good job with their user awareness training, while others have a distance to go.

It is important to remember that these figures come from customers of Symantec's CloudSOC CASB. They are already making efforts to protect their cloud-based data. We don't know if similar figures would be replicated by other CASB users -- but one thing is clear. Any organization that is not specifically trying to defend its Shadow IT is in serious danger of data loss and regulatory violations.

Related: Symantec Enhances Endpoint Protection Capabilities 

Related: Stealthy Attack Could Hit 50 Percent of Large Office 365 Customers

Related: Cloud Governance Fails Could Trigger Privacy Compliance Issues

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.