The study is based on insights into 63 million enterprise documents within leading cloud applications including Office 365, Google Drive, and Salesforce.
Shadow data is a major risk to organizations, according to Blue Coat's Elastica Cloud Threat Labs team
The ease of use of cloud-based collaboration and file sharing applications may be putting organizations at risk as they are unaware that 26 percent of documents stored in cloud apps are broadly shared – meaning any employee can access them, and in some cases are discoverable in a Google search.
This is according to the Q4 2015 Shadow Data Report released by Blue Coat's Elastica Cloud Threat Labs team on Wednesday. The study is based on insights into 63 million enterprise documents within leading cloud applications including Office 365, Google Drive, and Salesforce.
The report identifies shadow data as any sensitive information that is uploaded and shared in cloud apps without the knowledge of IT security teams. This isn’t the first time Elastica has explored the risks of shadow IT, having investigated the risks to the healthcare industry in particular in its Q2 2015 report.
Indeed, the healthcare industry is at greater financial risk from the leakage of sensitive cloud data than the average organization, with a potential impact reaching up to $12 million compared to the $1.9 million cost to an average organization.
“We’ve reached a point in the security lifecycle where shadow IT should no longer be the primary focus. By now, organizations should have a grip on cloud applications available and have enforceable policies in place with the ability to control which are in use,” Blue Coat Systems and Elastica founder Rehan Jalil said in a statement. “It’s time to start focusing on the real problems, which are the need to know what types of information employees are sharing, who is able to access data and how to stop high-risk exposures that lead to data breaches.”
According to the report, one in 10 documents shared broadly contain data that is subject to compliance regulations, such as Protected Health Information (14 percent) and Payment Card Industry data (5 percent).
The Q4 2015 report can be downloaded from Elastica’s website.