The Shadow Data Threat: What It Is and How to Safeguard Against It

 
 
By Chris Preimesberger  |  Posted 2016-09-23
 
 
 
 
 
 
 
 
 
  • 1 - The Shadow Data Threat: What It Is and How to Safeguard Against It

    Organizations making more and more use of cloud apps should be aware of shadow data threats as well as shadow IT.
  • 2 - Shadow IT vs. Shadow Data

    Shadow IT is the use of cloud applications that have not been approved by IT security teams. Concerns around shadow IT have been fueled by the proliferation of third-party cloud services and SaaS applications. Shadow data, a threat identified by the Blue Coat Elastica Cloud Threat Labs (BCECTL), is the sharing of sensitive and regulated information in popular cloud apps without IT security teams' knowledge, consent or control. This applies even to data residing in IT-approved cloud apps. Most enterprises are unaware of the high volume of data—and especially sensitive content—being broadly shared via their cloud applications.
  • 3 - Accidental Over-Sharing Is Most Common Reason for a Security Incident

    Accidental risks include sharing data with the public, with an entire organization, with anyone who has a link, or with terminated employees because of hierarchical folder permissions. The Symantec BCECTL report addresses key trends and challenges faced by enterprises securing data stored and shared via cloud apps and services. The report shows that 23% of all files stored in the cloud are broadly shared, and, of those broadly shared documents, 12% contain compliance-related data or confidential data such as source code and legal information. According to the Verizon Data Breach Investigations Report 2016, miscellaneous errors and insider/privilege misuse were the No. 1 and No. 2 most common reasons, respectively, for a security incident in 2015.
  • 4 - The Most Destructive Security Incidents Emanate From Shadow Data

    Security incidents can be broadly categorized as data exfiltration, data destruction and account takeovers by hackers. Anomalous frequent downloads, file sharing and frequent logins constitute the majority of the most destructive shadow data incidents.
  • 5 - Data Breaches: A Growing Concern

    IDC predicts that more than 1.5 billion people—or about a fourth of the world's population—will be affected by data breaches by 2020. Across all industries, files are being shared that contain highly sensitive data, such as personal health information (PHI), payment card information (PCI) and personally identifiable information (PII). The potential financial impact on the average enterprise organization resulting from the sharing of this sensitive data could be devastating.
  • 6 - The Potential Cost of a Data Breach

    The Symantec BCECTL report calculated that the potential financial impact on the average organization from the leakage of sensitive cloud data was just over $2 million. Certain industries, such as health care, pose even higher financial risks. The report reveals that the average cost of a PHI data breach to an organization is $10 million. The finance, telecom and education industries also face high financial costs if PII and PCI data are leaked. For example, in February of this year, the FCC released PII violation orders to six telecom organizations with penalties ranging from $1.7 million to $9.6 million.
  • 7 - How to Safeguard Against a Potential Data Breach

    To safeguard against a potential data breach, organizations must implement security strategies that allow for consistent visibility across their organization—from data stored on a corporate network to applications running in the cloud. When running business in the cloud, IT security teams must have access to the tools needed to evaluate employees' user activities and educate these users on the potential risks that shadow data presents. It is important for organizations to extend data loss prevention (DLP) policies to the cloud to cover shadow data. Good cloud access security brokers (CASBs) offer DLP capabilities for the cloud, but the best solution involves extending enterprisewide DLP to cover shadow data in the cloud by integrating existing DLP with full CASB capabilities.
  • 8 - Are Your Enterprise Apps Business Ready?

    Business readiness is determined by whether the cloud app in use has attributes that meet certain security standards. These attributes fall into seven categories: compliance, data protection, administrative controls, access controls, service availability, business availability and informational. Symantec's BCECTL Shadow Data Report shows that an astounding 99% of all enterprise apps are not business ready. Of those apps, 10% are partially business ready, meaning they may be suitable for limited business use, at least within companies with minimal sensitive data or compliance requirements. The remainder are typically too risky for most businesses to adopt.
  • 9 - Are Your Enterprise Apps GDPR Compliant?

    The General Data Protection Regulation (GDPR) is a regulation by which the European Commission intends to strengthen data protection for individuals within the European Union. As a result, doing business in the EU can bring added regulatory challenges—a risk that is dramatically increased with the introduction of cloud services, many of which are hosted outside of the EU. IDC predicts that GDPR regulations are likely to have a substantial impact on many areas of an organization's business operations and will be a game-changer for any company dealing in personal data of EU citizens or businesses.
  • 10 - How to Assess Cloud Apps and Guard Against the Shadow Data Threat

    A comprehensive CASB solution will help to determine which cloud apps your employees are adopting and using. In fact, Gartner predicts that by 2020, 85% of large enterprises will use a CASB, significantly up from fewer than 5% today. A CASB solution can help identify which applications are business ready and satisfy your specific security requirements such as GDPR regulations and business readiness. It is also important to understand that the most successful type of CASB solution involves extending DLP to the cloud to cover shadow data by integrating existing DLP with full CASB capabilities. Additionally, CASBs assist in classifying your data and setting corporate usage policies around cloud applications—which is a critical step to avoid falling victim to the shadow data threat.
 

Shadow IT, the common practice of employees, partners and contractors using applications outside the purview of an enterprise IT system, is both a promoter of speedy work and a huge security liability. As businesses adopt more cloud apps to better perform critical tasks, they are also discovering the need to protect themselves against constant threats to their sensitive and regulated data. Enterprises have been quick to recognize the threat posed by shadow IT, but this is only half of the security story. What's not commonly understood is the threat posed by shadow data, the data created by the use of shadow IT. This eWEEK slide show uses industry information and research from IDC Research, Gartner Research and the Blue Coat Elastica Cloud Threat Labs (BCECTL) Shadow Data Report to provide an in-depth look at the shadow data threat. It identifies the risks associated with over-exposed data in the cloud, explores the business readiness of enterprise applications, outlines GDPR regulations, and provides steps on how to secure enterprise data in the cloud.

 
 
 
 
 
 
 
 
 
 
 
