Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    The Shadow Data Threat: What It Is and How to Safeguard Against It

    By
    Chris Preimesberger
    -
    September 23, 2016
    Share
    Facebook
    Twitter
    Linkedin

      PrevNext

      1The Shadow Data Threat: What It Is and How to Safeguard Against It

      1 - The Shadow Data Threat: What It Is and How to Safeguard Against It

      Organizations making more and more use of cloud apps should be aware of shadow data threats as well as shadow IT.

      2Shadow IT vs. Shadow Data

      2 - Shadow IT vs. Shadow Data

      Shadow IT is the use of cloud applications that have not been approved by IT security teams. The concerns around shadow IT have been fueled by proliferation of third-party cloud services and SaaS applications. Shadow data, a threat identified by the Blue Coat Elastica Cloud Threat Labs (BCECTL), is the sharing of sensitive and regulated information in popular cloud apps without IT security teams’ knowledge, consent or control. This even applies to data that is residing in IT-approved cloud apps. Most enterprises are unaware of the high volume of data—and especially sensitive content—being broadly shared via their cloud applications.

      3Accidental Over-Sharing Is Most Common Reason for a Security Incident

      3 - Accidental Over-Sharing Is Most Common Reason for a Security Incident

      Accidental risks can be identified as sharing data to the public, to an organization, to anyone with a link or with terminated employees due to hierarchical folder permissions. The Symantec BCECTL report addresses key trends and challenges faced by enterprises securing data stored and shared via cloud apps and services. The report shows that 23% of all files stored in the cloud are broadly shared, and, of those broadly shared documents, 12% contain compliance-related data or confidential data such as source code and legal information. According to the Verizon Data Breach Investigations Report 2016, miscellaneous errors and insider/privilege misuse were the No. 1 and No. 2 most common reasons, respectively, for a security incident in 2015.

      4The Most Destructive Security Incidents Emanate From Shadow Data

      4 - The Most Destructive Security Incidents Emanate From Shadow Data

      Security incidents can be broadly categorized as data exfiltration, data destruction and account takeovers by hackers. Anomalous frequent downloads, file sharing and frequent logins constitute the majority of the most destructive shadow data incidents.

      5Data Breaches: A Growing Concern

      5 - Data Breaches: A Growing Concern

      IDC predicts that more than 1.5 billion people—or about a fourth of the world’s population—will be affected by data breaches by 2020. Across all industries, files are being shared that contain highly sensitive data, such as personal health information (PHI), payment card information (PCI) and personally identifiable information (PII). The potential financial impact on the average enterprise organization resulting from the sharing of this sensitive data could be devastating.

      6The Potential Cost of a Data Breach

      6 - The Potential Cost of a Data Breach

      The Symantec BCECTL report calculated that the potential financial impact on the average organization from the leakage of sensitive cloud data was just over $2 million. Certain industries, such as health care, pose even higher financial risks. The report reveals that the average cost of a PHI data breach to an organization is $10 million. In addition, the finance, telecom and education industries also face high financial costs if PII and PCI data is leaked. For example, in February of this year, the FCC released PII violation orders to six telecom organizations with penalties ranging from $1.7 million to $9.6 million.

      7How to Safeguard Against a Potential Data Breach

      7 - How to Safeguard Against a Potential Data Breach

      To safeguard against a potential data breach, organizations must implement security strategies that allow for consistent visibility across their organization—from data stored on a corporate network to applications running in the cloud. When running business in the cloud, IT security teams must have access to the tools needed to evaluate employees’ user activities and educate these users on potential risks shadow data presents. It is important for organizations to extend data loss prevention (DLP) policies to the cloud to cover shadow data. Good cloud access security brokers (CASBs) offer DLP capabilities for the cloud, but the best solution involves extending enterprisewide DLP to cover shadow data in the cloud by integrating existing DLP with full CASB capabilities.

      8Are Your Enterprise Apps Business Ready?

      8 - Are Your Enterprise Apps Business Ready?

      Business readiness is determined by whether the cloud app in use has attributes that meet certain security standards. These attributes fall into seven categories: compliance, data protection, administrative controls, access controls, service availability, business availability and informational. Symantec’s BCECTL Shadow Data Report shows that an astounding 99% of all enterprise apps are not business ready. Of those apps, 10 percent are partially business ready, meaning they may be suitable for limited business use, at least within companies with minimal sensitive data or compliance requirements. The remainder are typically too risky for most businesses to adopt.

      9Are Your Enterprise Apps GDPR Compliant?

      9 - Are Your Enterprise Apps GDPR Compliant?

      General Data Protection Regulation (GDPR) is a regulation by which the European Commission intends to strengthen data protection for individuals within the European Union. As a result, doing business in the EU can bring added regulatory challenges—a risk that is dramatically increased with the introduction of cloud services, many of which are hosted outside of the EU. IDC predicts that GDPR regulations are likely to have a substantial impact on many areas of an organization’s business operations and will be a game-changer for any company dealing in personal data of EU citizens or businesses.

      10How to Assess Cloud Apps and Guard Against the Shadow Data Threat

      10 - How to Assess Cloud Apps and Guard Against the Shadow Data Threat

      A comprehensive CASB solution will help to determine which cloud apps your employees are adopting and using. In fact, Gartner predicts that by 2020, 85% of large enterprises will use a CASB, significantly up from fewer than 5% today. A CASB solution can help identify which applications are business ready and satisfy your specific security requirements such as GDPR regulations and business readiness. It is also important to understand that the most successful type of CASB solution involves extending DLP to the cloud to cover shadow data by integrating existing DLP with full CASB capabilities. Additionally, CASBs assist in classifying your data and setting corporate usage policies around cloud applications—which is a critical step to avoid falling victim to the shadow data threat.

      PrevNext
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×