CloudSOC CASB Gateway

 View Only

Symantec Publishes Shadow Data Report on Latest Security Risk Trends in Cloud Apps for 1H 2017 

Nov 01, 2017 05:12 PM

Organizations continued to rapidly embrace the cloud in the first half of 2017. Symantec researchers found that data exposure and loss continues to dominate the risk landscape. And organizations continue to increase the number of cloud applications they use – both sanctioned and unsanctioned cloud apps often referred to as Shadow IT.  


Data is at risk

In the first half of 2017, enterprises “broadly shared” 20% of all files in cloud file sharing apps and 29% of emails in cloud email apps. To be classified as “broadly shared”, a file must be shared with the entire organization, an external third party, or publicly with anyone who has a link to the file. Any file or email broadly shared is at risk of exposure, so it is especially important to control documents  that contain confidential data such as Personally Identifiable Information (PII), Protected Healthcare Information (PHI), and Payment Card Information (PCI).


CASB users expose less in file sharing

In the past, it was typical to discover that 10% or more of broadly shared files in file sharing apps contained sensitive data.  Today, security conscious organizations using CloudSOC are doing better with only 2% of their broadly shared files in file sharing apps containing confidential and regulated data. However, PHI data leads the pack within these broadly shared files as the confidential data type most at risk representing a whopping 79% of broadly shared content in file sharing apps.

Percentage of files in cloud file sharing that are at risk of exposure.


Email still an issue

We are still not out of the woods because while it looks like a lower percentage of files in cloud file sharing apps contain compliance data than before, Email continues to be an area of concern with 9% of broadly shared emails containing confidential content. PII is the dominant type 

Percentage of content at risk in email that contains compliance related data.


Compliance related data at risk

With organizations standardizing on cloud file sharing platforms, it should be expected that some compliance related data will be stored in the cloud. If we look at all files in file sharing apps that contain regulated content we found that a surprisingly high percentage of these files are broadly shared. Research found that 65% of all files containing PHI data, 26% of all files containing PII data, and 17% of all files containing PCI in file sharing apps are broadly shared. 

Percentage of files containing compliance related data that are broadly shared in cloud file sharing apps.


Watch out for data exfiltration

Cloud apps are a popular target for bad actors and our research tracks a number of high risk actions in the cloud. Data loss dominates cloud threat findings with 71% of high risk behavior indicating attempts to exfiltrate data. 

High risk user behavior identified that indicates a threat to a cloud account.


More cloud app Shadow IT

Organizations are using many more cloud apps than what is typically assumed by IT professionals with the average number of different cloud apps in use at an enterprise increasing to 1,232. This is a 33% increase over the second half of 2016.


Recommendation to reduce cloud risks

You should adopt a fully featured cloud access security broker (CASB), such as Symantec CloudSOC, that ALSO integrates with the rest of your enterprise security to share intelligence and leverage extended control points. This is a CASB 2.0 approach to cloud security where your CASB is not a separate island of security in the cloud, it is a solution that natively integrates with your existing security solutions.

Symantec CloudSOC CASB provides: 

  • Auditing of shadow IT that integrates with Symantec ProxySG and Web Security Service secure web gateways for automated control over the use of cloud apps
  • Real-time detection of intrusions and threats that integrates with Symantec VIP for intelligent user authentication and Symantec advanced malware protection
  • Protection against data loss and compliance violations that integrates with Symantec DLP and Information Centric Encryption for consistent information protection policy control everywhere (on-premises and in the cloud)
  • Investigation of historical account activity for post-incident analysis that integrates with popular SIEMs and Symantec’s Managed Security Service.


About the Symantec CloudSOC Shadow Data Report

The Symantec CloudSOC Shadow Data Report covers key trends and challenges organizations face when trying to ensure their sensitive data in cloud apps and services remains secure and compliant. Covering the first half of 2017, this report is based on the analysis of over 22K cloud apps and services, 465M documents and 2.3B emails—nearly double the data from the last report. All data is anonymized and aggregated to protect Symantec CloudSOC customer confidentiality. 

Get the full 1H 2017 Shadow Data Report here.









0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.