Shadow Data Emerges as Major Security Risk
- 1 of
-
Shadow Data Emerges as Major Security Risk
By Samuel Greengard -
Too Much Sharing
Analysis of cloud activity revealed that 25% of files are shared broadly, and 12.5% of those files contain compliance-related data. -
Sensitive Matters
38% of sensitive data is in financial information, 27% is in the form of code, 24% consists of health care data, and 11% has personal info, such as Social Security numbers (SSNs). -
Getting Personal
54% of sensitive data files contain names, phone numbers and SSN data. 31% have health care-related records, and 15% have payment-related information. -
Industry Exposures
The leading industries facing risks from data exposures include entertainment (64%), health care (16%) and consumer (8%). -
Violations Grow
From Q4 of 2014 to Q2 of 2015, total violations across all types of documents swelled from 1.8 percent to 3.2 percent. -
Taking Ownership
74% of data is internally owned, 17% is externally owned and 9 percent (the riskiest) is available to anyone on the Internet. -
Key Indicators
43% of malicious use of data is the result of too many logins from infeasible locations; 40% comes from anomalous frequent sessions; 16% results from anonymous frequent sharing; and 1% comes from too many logins. -
Security Tips
Find malware-infected files. Look for unauthorized encrypted files and block them. Assess metrics for top providers' use of strong passwords and brute-force protection. -
Best Practice
Become a better steward of data by examining and understanding key risks and risk-avoidance factors.
Business and IT executives are increasingly aware that there's more to shadow IT than hardware and devices. There's also shadow data. Spotting, tracking and controlling data is a growing challenge, and the failure to keep data in tow can have dire consequences. A recently released report, "Shadow Data," from cloud data security firm Elastica, indicates that the stakes are growing. It found that the average cost of a data breach in 2014 reached $5.9 million, and 45 percent of Americans have been affected by a data breach within the last year. At the center of the issue: risky data exposures resulting from sanctioned cloud services and apps. In many cases, these problems result from a lack of knowledge about the type of data that's uploaded and how it is used and shared. Services such as Box, Dropbox and Google Drive introduce new and different risks, while also raising new questions about data ownership. But not all software-as-a-service (SaaS) apps are created equal. "Even with enterprise-grade cloud apps, there remains a challenge in understanding the sensitive content users are storing within them, and how that content is being exposed—intentionally or unintentionally," points out Elastica CEO Rehan Jalil. The report offers a number of insights about shadow data and what impact it has on the enterprise.