CloudSOC CASB Gateway

 View Only

2H 2016 Shadow Data Report: Companies More Collaborative, More Secure and More in the Cloud than Ever Before 

Mar 15, 2017 12:13 PM

Organizations continue to embrace the cloud with higher use of file sharing and adoption of even more cloud applications.  In the second half of 2016, Symantec customers on average broadly shared more files in the cloud than ever before. At the same time, they are sharing data more responsibly. Research shows a significant reduction in the percentage of broadly shared files in the cloud that contain confidential or compliance related content. Organizations also continue to increase the number of cloud applications in use – both sanctioned applications and unsanctioned applications often referred to as Shadow IT. 


More Data Sharing with Less Exposure

In the second half of 2016, on average customers are broadly sharing 25% of all files in cloud files sharing applications. The percentage of files broadly shared that contain sensitive data has decreased to an all-time low of 3%. To be classified as “broadly shared”, a file is shared to the public, to the entire organization, or to an external third party. In the past, it was typical to discover that 10% or more of broadly shared files contained sensitive data.  


Blog Shadow Data Report image white 2.png


Compliance Data and Emails at Risk

We are still not out of the woods because while it looks like a lower percentage of files in cloud file sharing contain compliance data than before, a surprising percentage of files with Protected Health Information (PHI), Personally Identifiable Information (PII), and Payment Card Information (PCI) data that make it to the cloud are potentially exposed. 


In file sharing applications PHI data leads the pack with 82% of all files at risk of exposure, followed by 43% of files containing PII and 42% of files containing PCI data. Email risk exposure is generally higher than file sharing exposure. 27% of emails and attachments are broadly shared and 8% of emails contain compliance related data.


More Shadow IT in Use

Organizations are using many more cloud applications than what is typically assumed by IT professionals. Shadow IT discovery research shows organizations use 928 different cloud applications on average. This is a 10% increase over the first half of 2016.


Blog Shadow data report image white 1.png


Research Findings

The Shadow Data Report for the second half of 2016 provides the latest insights into cloud adoption, usage, and threats to help organizations navigate their adoption of cloud applications and implementation of cloud security. The findings in this report are based on anonymized meta data analysis of over 20K cloud apps, 175M cloud documents, and 1.3B emails.


Get the full 2H 2016 Shadow Data Report here.

0 Favorited
0 Files

Tags and Keywords


May 12, 2017 04:18 PM

Unfortunately, I haven't seen much of the "responsible" sharing mentioned in the beginning of the article.  Too many end users (employee or not) fly by the seat of their pants and trust the security of the cloud apps to do the "responsible" part for them.  Call it user-education issues.  Too often, it takes a threat to open their eyes.  :-\

May 11, 2017 11:20 AM

Shadow IT has been a concern for years but somehow organizations live with it regardless of being in the cloud. The question again comes of public or private cloud apps. If we are having a corporate Dropbox account, employees will be using private Dropbox too for certain uses and may use it for sharing or keeping a personal copy of corporate data they have worked on.

Security Awareness plays a great role in reducing the use of Shadow IT. As mentioned in the article people are sharing more responsibly, they are more aware of risks, and I have personally seen many of our customers improving greatly over time in their IT habits.

May 09, 2017 04:22 PM

These are some interesting numbers that show the need for DLP in the cloud. I know Symantec has a solution that integrates with the Bluecoats, elastica, and DLP. The last DLP user group I attended displayed a demo of the integration and protection capabilities. Also, I think Symantec is still offering the free service of analyzing egress data captures to shine light on cloud solutions. 

May 02, 2017 02:14 PM

La nube no es un secreto ya no es innovacion es parte de nuestro dia a dia, las empresas y usuarios finales utilizan la "nube" constantemente y es resposanbilidad de todos los que trabajamos en seguridad de velar por el buen "uso" o las mejores practicas para resguardar la informacion asi como la fuga. Symantec puede ayudar a esa gestion de perdida de informacion como el uso seguro.

Apr 04, 2017 08:39 AM

I look at Cloud as short term savings, long term hassle.  That is my personal opinion based on my limited knowledge of cloud.  Henceforth, I am personally not a big fan of it yet but perhaps in future my opinion will change.

My professional opinion from a IT perspective about cloud is it reminds me of an old saying that my mentor use to say, never put all your eggs in one basket.  Let's say my whole environment is now depended on AWS, what happens when AWS goes down?  I have no control over or knowledge of what the backened engineering is, how the DR locations are set up as.  Atleast within the internal data centers of an organization, I have somewhat control of what to do in case of an outage. What layer to start troubleshooting at whereas in cloud, we are completely dependent on expertise of the provider.  I do not know if I have that much trust in the providers yet as they seem to be maturing while using production as a big old test.  I am referring to the recent outages by cloud providers such as Amazon AWS S3 outage. One thing that providers can do to make admins like me more comfortable with cloud is actually provide their incident management workflows to the public.  This doesn't have to include their actual internal data but something visual where during an outage, we know where the troubleshooting efforts are being done.  


Apr 03, 2017 06:03 AM

With the every changind threat landscape I'm not surprised security has increased, it's hard to stay ahead of the game. Good to see more of a focus on security from these company. As always great article, thanks.

Mar 27, 2017 11:06 AM

El detalle con la nube es que las empresas deben quitarse la venda de los ojos y darse cuenta que la nuebe no es el futuro es el presente y buscar las herramientas  para adoptarla de manera segura.  Definitviamente este se3gmento apuna hacia el CASB + DLP es la manera de eviatar que los usuarios compartan informacion de manera inadecuada y expongan al negocio!!

Mar 24, 2017 11:32 AM

interesting article, especially seeing the stats around cloud usage. Seems that companies are finally seeing the importance of security around these services. Hopefully now easy of deployment and access doesn't have to be traded off against security

Mar 20, 2017 06:49 AM

Cloud-native integration allows DevOps to build security directly into application deployment workflows, while support for Chef and Puppet automates configuration, provisioning, and patching. Access to the Symantec Global Intelligence Network protects workloads against the latest global attacks and vulnerabilities, providing peace of mind for large enterprises and born-in-the-cloud businesses.

Mar 18, 2017 04:27 AM

Fortunately, there’s a solution to these challenges: cloud-based, enterprise file sync and share (EFSS). Today’s solutions can help would-be collaborators achieve their objectives while still respecting security rules. Working groups can share folders, files and workflows within a well-defined framework. This means business users and analysts can gain greater insight via a more natural flow of information and ideas—even as IT and data security executives achieve enhanced governance.

Mar 18, 2017 04:23 AM

Individual companies acting on their own behalf face talent constraints—just how many security engineers can any one company afford to employ? By contrast, for cloud providers, security is a core requirement for their service offerings, meaning they will invest whatever is needed to deliver world-class results. I feel the article is moderately placed.

Mar 18, 2017 03:10 AM

Interesting Article. Cloud has always presented a compelling business case. Not only does it reduce the fixed costs of IT spending, it also introduces potential advantages such as flexibility and scalability. Still, the concern most frequently and vocally expressed is security: how can something enabling so much access and interoperability be secure? 

Mar 17, 2017 08:43 PM

Interesting stats and I'm not surprised security has increased with the threat landscape these days but for those of us here in Hawaii, going to the cloud isn't usually cost effective.  Also from our past experience, this technology just couldn't cut it where response times were usually less than desirable.  This is the price we pay for living in "paradise".  ;-)

Mar 17, 2017 11:03 AM

The uptake of cloud in our business has been key to growth and flexible working, the security of these areas is essential to us and our intellectual property. But any risks are far outweighed by the benefits.

Mar 17, 2017 10:39 AM

Great insight into the use of cloud and what types are being shared, always good to have some stats to backup the info.

It's an interesting topic with many companies leaving the physical and relying on cloud, it's a risk as we saw with the AWS outage.

Mar 17, 2017 07:23 AM

So it looks like organisations are finally becoming aware of data security.  But those figures are still surprisingly high.  3% of a massive amount is still a lot.  Articles like this are a very good way of getting the message home that you can't be to comfotable about your data, you need to keep on top of it.

Mar 17, 2017 05:15 AM

Wow some interesting stats there, I'm not suprised that companies underestimate the amount of cloud apps they use. The average usage is interesting too, higher than I would have guessed. Great article thanks symantec

Mar 17, 2017 12:32 AM

Definately see more and more not just talked could like before, more and more people start to load the data to cloud. however, cooperation is still very cautous to move that direction, it think could is the trend, large cooperation evntually have no choice to move there as their clients will be there.

Mar 16, 2017 06:49 PM

Granted we can't hide from the "new norm" but the main issue remains user education. A little paranoia is good for you :)

Mar 16, 2017 03:11 PM

We are in the middle of migrating from our on-premise Exchange over to Office 365 to save costs while at the same time, looking to expand our user base and so far it's doing good. Generally, the feedback are positive. Staff like the idea of being able to access all of their files while 'on the move' including e-mails.

We are still however researching & 'polishing up' the policy on how to handle confidential data/files that are on the cloud. Currently, most of the files are still stored on our SAN to ensure the data are protected.

Still, exciting times ahead!

Mar 16, 2017 11:30 AM

Your right with companies more and more adopting the Cloud into their business model it can only lead toards more collaboration.

I really enjoyed the detail inside the 2016 Shadow Report,  i have already shared it with some peers.

Emails , unfortunately, will always be at the top of any risk list,  Its nature allows for much easier social engineering scams thsly will cause a spike in leakages and security risks.

Mar 16, 2017 11:22 AM

Lots of potential risk here but good to see Symc is on top of it. The cloud is only going to continue to to expand but with the Symc/BC merger and the CASB option, I feel much safer. Had the opportunity to see a demo of it and it's a game changer.

Mar 16, 2017 11:18 AM

Shadow IT can open up some big holes in a network. It's good that "broadly shared" data is at an all-time low, though! We really need to strat cracking down on all the PHI and PII that's being shared though :(

Mar 16, 2017 11:18 AM

Great article @Symantec!

I can definitely say that, for my company, we have had more/better security efforts and more additions in collaboration tools.  Cloud wise, we are in the middle of moving just about everything to it, so we are definitely in these numbers as well.  :)

Mar 16, 2017 10:58 AM

Good to see that cloud security is getting better. I still don't have a warm and fuzzy with how secure the cloud really is even with strong encryption. Hopefully in years to come it will be bullet proof. - As for me I'm more comfortable with everything on premises. Maybe I'm old school....

Mar 16, 2017 10:21 AM

After working at a place that leveraged Office 365 I struggle working at a place that doesn't use the product.  THe cloud and the availablity of the data anywhere on any device is the best reason to move to the cloud.

Protecting that data is what makes things difficult.


No you just need a tool that can discover the "shadow IT" in your enviroment.

Mar 16, 2017 10:14 AM

I wouldn't say that I find this surprising. It is becoming increasingly cheaper for companies to migrate their services or infrastructure on the cloud. We can definitely expect rise in sensitive data being hosted on the cloud. As long as symantec can come up with a tool that will Alert companies of their sensitive data getting on the cloud we should be good.

Mar 16, 2017 09:16 AM

Businesses are generally using many more cloud applications than what is typically assumed by IT professionals. It's good to see a general trend of improvement in how files are shared and best practices around security. However this is difficult as access to cloud services isn't alwayse something that can be stopped or controlled.

Mar 16, 2017 08:38 AM

The environment is moving to a cloud file sharing architecture of it hasn't already. It is easier for the various individuals to share files with outside parties via a cloud solution such as box or OneDrive. Just as with anything done on the Internet, it should be done with caution and verify the proper safeguards are in place to protect both parties.

Mar 16, 2017 06:41 AM


Thank you Deena for the full 2H 2016 Shadow Data Report.

Improving cloud cost management provides a significant opportunity for savings, since few companies are taking critical actions to optimize cloud costs, such as shutting down unused workloads or selecting lower-cost cloud or regions. The most common optimization action is monitoring utilization and rightsizing instances (45 percent of enterprises and SMBs). 36 percent of SMBs are purchasing AWS Reserved Instances (RIs) to save money, but only 21 percent are tracking purchased RIs to make sure that they are being fully utilized. When purchased RIs are not fully used, the savings decline, and the RI can even end up costing more than on-demand instances.

Spiceworks’ recent 2016 cloud services report found that 93% of organizations have at least one cloud app. And for most companies, hosting was a natural fit for the cloud. The top two cloud-based services used were web hosting (76%) and email hosting (56%) with an additional 5% and 13% respectively expected to use it in the coming year.

With Office 365, Salesforce, Box, Google Apps, SAP's Concur and Amazon Web Services are the most popular Cloud apps being used today at work.

Naturally, we are seeing the entire work load moving towards the Cloud.



Mar 16, 2017 06:30 AM

It's good to see a general trend of improvement in how, and what, files are being shared. It's also definitely true about shadow IT, speaking from experience. Unfortunately, for a number of reasons, access to these services is not always something that can be controlled and their ease of use (not a complaint) makes this an ever growing issue.

Mar 16, 2017 05:49 AM

Lots of business are moving to the cloud, essentially outsourcing services. It's only logical that the security of this data is taken seriously. Interesting to read that in the second half of 2016, on average customers were sharing 25% of all files in cloud!

Mar 16, 2017 05:38 AM

An interesting article, thanks. Cloud storage is a hot topic these days with the use of 365, Google apps and a host (pun intended) of other services. Only logical that security forms part of any deployment.

Mar 16, 2017 03:35 AM

Today most of the companies are going to cloud for office 365 applications. Also lot of services moving to Microsoft azure and Amazon aws. Looking at this security in cloud is one of the hot topic these days. Even we have started giving cloud security and looking forward for more cloud security products there in market. Cloud security makes sure that we have excellent response times from the vendors and super failure backup.

Mar 16, 2017 03:10 AM

As we founded our company, we decided to have no physical office. We only work in the cloud, with cloud application like Google Apps for Work and Test servers in the Amazon cloud and we want to back! One of the best decision we made

Related Entries and Links

No Related Resource entered.