Organizations continued to rapidly embrace the cloud in the first half of 2017. Symantec researchers found that data exposure and loss continues to dominate the risk landscape. And organizations continue to increase the number of cloud applications they use – both sanctioned and unsanctioned cloud apps often referred to as Shadow IT.
Data is at risk
In the first half of 2017, enterprises “broadly shared” 20% of all files in cloud file sharing apps and 29% of emails in cloud email apps. To be classified as “broadly shared”, a file must be shared with the entire organization, an external third party, or publicly with anyone who has a link to the file. Any file or email broadly shared is at risk of exposure, so it is especially important to control documents that contain confidential data such as Personally Identifiable Information (PII), Protected Healthcare Information (PHI), and Payment Card Information (PCI).
CASB users expose less in file sharing
In the past, it was typical to discover that 10% or more of broadly shared files in file sharing apps contained sensitive data. Today, security conscious organizations using CloudSOC are doing better with only 2% of their broadly shared files in file sharing apps containing confidential and regulated data. However, PHI data leads the pack within these broadly shared files as the confidential data type most at risk representing a whopping 79% of broadly shared content in file sharing apps.
Email still an issue
We are still not out of the woods because while it looks like a lower percentage of files in cloud file sharing apps contain compliance data than before, Email continues to be an area of concern with 9% of broadly shared emails containing confidential content. PII is the dominant type
Compliance related data at risk
With organizations standardizing on cloud file sharing platforms, it should be expected that some compliance related data will be stored in the cloud. If we look at all files in file sharing apps that contain regulated content we found that a surprisingly high percentage of these files are broadly shared. Research found that 65% of all files containing PHI data, 26% of all files containing PII data, and 17% of all files containing PCI in file sharing apps are broadly shared.
Watch out for data exfiltration
Cloud apps are a popular target for bad actors and our research tracks a number of high risk actions in the cloud. Data loss dominates cloud threat findings with 71% of high risk behavior indicating attempts to exfiltrate data.
More cloud app Shadow IT
Organizations are using many more cloud apps than what is typically assumed by IT professionals with the average number of different cloud apps in use at an enterprise increasing to 1,232. This is a 33% increase over the second half of 2016.
Recommendation to reduce cloud risks
You should adopt a fully featured cloud access security broker (CASB), such as Symantec CloudSOC, that ALSO integrates with the rest of your enterprise security to share intelligence and leverage extended control points. This is a CASB 2.0 approach to cloud security where your CASB is not a separate island of security in the cloud, it is a solution that natively integrates with your existing security solutions.
Symantec CloudSOC CASB provides:
- Auditing of shadow IT that integrates with Symantec ProxySG and Web Security Service secure web gateways for automated control over the use of cloud apps
- Real-time detection of intrusions and threats that integrates with Symantec VIP for intelligent user authentication and Symantec advanced malware protection
- Protection against data loss and compliance violations that integrates with Symantec DLP and Information Centric Encryption for consistent information protection policy control everywhere (on-premises and in the cloud)
- Investigation of historical account activity for post-incident analysis that integrates with popular SIEMs and Symantec’s Managed Security Service.
About the Symantec CloudSOC Shadow Data Report
The Symantec CloudSOC Shadow Data Report covers key trends and challenges organizations face when trying to ensure their sensitive data in cloud apps and services remains secure and compliant. Covering the first half of 2017, this report is based on the analysis of over 22K cloud apps and services, 465M documents and 2.3B emails—nearly double the data from the last report. All data is anonymized and aggregated to protect Symantec CloudSOC customer confidentiality.
Get the full 1H 2017 Shadow Data Report here.