SAN JOSE, CA — (Marketwired) — 10/23/14 — , the leader in Data Science Powered Cloud Application Security, today unveiled an detailing results of its security analysis of more than 100 million files being shared and stored in leading public-cloud applications. Research revealed that 20 percent of broadly shared files contain compliance-related data, 5 percent of enterprise users are responsible for driving 85 percent of the exposure risk, and employees each store an average of 2,037 corporate files in the cloud.
Further analysis revealed that files being stored and shared among insiders and outsiders hold sensitive personal health information (PHI) regulated by HIPAA, personally identifiable information (PHI) such as social security numbers, and customer payment card information regulated by the Payment Card Industry Data Security Standard (PCI DSS).
The research uncovered that sensitive data shared broadly within and outside organizations without IT security teams– knowledge, known as “shadow data,” is an emerging threat within enterprises that are integrating cloud applications into their infrastructures. The extreme volume of sensitive and regulated data being shared in the shadows is placing global organizations at risk of costly compliance violations and major data breaches that could impact millions of consumer identities and accounts as well as corporate IP.
“While uncovering shadow IT is important, the massive adoption of file sharing services demands deeper analysis of –shadow data– to understand what is being exposed via the cloud and the level of risk and threats this poses for the enterprise,” said Rehan Jalil, President & CEO of Elastica. “The advanced data science algorithms within the Elastica CloudSOC platform reveal these risks and allow organizations to define and enforce policies that prevent data breaches and compliance violations.”
Based on results gathered through the Elastica CloudSOC platform, which enables transaction-level security for cloud apps and services, Elastica discovered that enterprise employees are each storing an average of 2,037 files and that these files are being shared directly with other internal users, across companies with select users and with the public at large. Data is being placed at risk primarily via files being shared broadly across entire organizations, externally and publicly. Scans on these high-risk files revealed:
68 percent are shared with the whole company, across functional groups
19 percent are shared with external users
13 percent are shared publicly
In particular, regulated data is in jeopardy, including personally identifiable information (PII), PHI and consumer payment card information. Of all the files that are broadly shared, the analysis found 20 percent contain compliance related data, with the following breakdown:
56 percent contained PII, including social security numbers
29 percent contained PHI
15 percent contained payment card information
Research also indicates that the vast majority of risk is associated with a relatively small number of users. Just 5 percent of the users sharing high-risk content are driving 85 percent of the resulting risk exposure. This finding highlights the value of identifying the highest-risk users in an organization. In doing so, IT security teams can hone in on the biggest impact in resolving compliance risks.
Access the research – To summarize the findings, Elastica produced a detailed infographic summarizing the results of the scans, click ()
Follow the blog – For added commentary and regular insights, visit our blog:
Like Elastica on Facebook:
Follow Elastica on Twitter:
Join Elastica on LinkedIn:
Elastica is the leader in Data Science Powered Cloud Application Security. Its platform empowers companies to confidently leverage cloud applications and services while staying safe, secure and compliant. A range of Elastica Security Apps deployed on the extensible CloudSOC platform deliver the full life cycle of cloud application security, including auditing of shadow IT, real-time detection of intrusions and threats, protection against intrusions and compliance violations, and investigation of historical account activity for post-incident analysis. Learn more about Elastica at . Follow us on Twitter @ElasticaInc
Image Available:
Joe Franscella
Bhava Communications for Elastica
209-597-6656
You must be logged in to post a comment Login