Unauthorized cloud and enterprise file synchronization and sharing (EFSS) applications are a major concern for businesses when it comes to potential data loss or theft, with a quarter of businesses saying it is very likely sensitive data has been jeopardized because of them.
These were among the findings of a survey of 200 IT and cyber-security professionals with knowledge, responsibility and involvement in the planning, implementation and/or operations of their organization’s data security policies, processes and/or technical safeguards.
The survey, sponsored by Seclore and conducted by research firm Enterprise Strategy Group (ESG), found 98 percent of respondents cited the loss or theft of sensitive data as a top or significant concern.
“The fact that the users are concerned about the loss of sensitive data is not surprising, but the fact that an appreciable percentage of the participants suspected it had, in fact, already happened and the number of vehicles that they cited as having contributed to data leakage was surprising,” Doug Cahill, senior analyst at ESG, told eWEEK.
He said some of the steps organizations should employ include multifactor authentication for access to its most sensitive data, adopting a contemporary enterprise digital rights management solution to create a data perimeter to control and monitor data access and usage, and analytics to detect anomalous activities.
In addition, ESG prescribes a defense in-depth security model.
“As such, in addition to encryption and data-loss prevention policies, analytics and enterprise digital rights management solutions designed for today’s cloud-first and mobile workforce offer a view into the future,” Cahill said.
Organizations are quickly adopting EFSS services as a means to share files, with 75 percent of respondents noting EFSS is used frequently to share files with others and 54 percent noting that their users use two to three authorized and unauthorized file-sharing services.
This use of unauthorized EFSS presents a dichotomy with concerns that 58 percent of participants cited as limiting their investment in cloud-based EFSS solutions.
The need to collaborate with third parties including partners, contractors and customers is making sharing files with such audiences commonplace, with 34 percent of participants indicating that 26 percent to 50 percent of their employees regularly share files with individuals external to their organizations.
Not only did nearly all survey respondents cite the loss of sensitive data as a top or significant concern, but many also indicated it was very or somewhat likely that their organization has already lost data via a variety of ways in the last 12 months.
Of note, participants cited data-loss vectors such as files being inadvertently emailed to the wrong person (cited by 67 percent of respondents), unauthorized access (66 percent) and lost portable storage devices (61 percent).