Shadow-IT threat bites as analysis finds 23% of shared cloud-app documents available to public

One in ten files shared within cloud applications is exposing sensitive or regulated data to potential compromise, according to an analysis of cloud file-sharing that placed the average potential losses from unmanaged 'shadow IT' at some $1.9m per organisation.

That figure was as high as $5.9m for education providers and $12m for healthcare providers, security provider Blue Coat Systems’ Elastica subsidiary calculated based on its analysis of some 63 million documents stored within cloud applications such as Microsoft Office 365, Google Drive,, Box, and others.

The analysed documents included information such as source code (in 48 percent of cases), personally identifiable information (PII) (33 percent), protected health information (PHI) (14 percent), and payment card industry (PCI) data (5 percent).

Education and healthcare institutions were particularly exposed, the 2H 2015 Shadow Data Report found, due to “the large number of documents stored by educational organisations and the preponderance of PHI data in the healthcare industry.... Leakage of PHI documents is potentially more devastating than the leakage of PII or PCI data as it often includes a richer source of data that can be exploited for phishing and other social engineering attacks.”

Large healthcare organisations have suffered numerous breaches in recent years: healthcare provider Premera, for example, lost personal data on 11 million customers in an attack last year that was said to have been perpetrated by the same group that previously stole 78.8m records from healthcare giant Anthem and 21.5m records from the US Office of Personnel Management.

While those attacks were perpetrated by experienced hackers who had targeted their victim organisations, the figures – from Blue Coat's recently acquired Elastica Cloud Threat Labs team – highlight the additional risk from unmanaged employee use of cloud-based applications, which has increased from an average of 774 apps per organisation last year to 812 apps now.

As well as exposing organisations to direct security threats due to loss of control over their documents, cloud platforms tended to foster broad sharing of documents in ways for which they may not have been authorised.

Some 26 percent of documents stored in cloud apps are “broadly shared”, the analysis warned, noting that this sharing may variously make sensitive documents accessible to large numbers of employees as well as outside contractors, partners, and the Web at large. Some 23 percent of the documents analysed were shared publicly, allowing anybody with a link to access them.

Analysis of cloud-app usage suggested that many users are taking screenshots of sensitive data and sharing them far and wide – a conclusion reached by noting the “anomalous frequent previews” of documents in 3 percent of observed cases.

File sharing was fingered in 41 percent of cases where shadow-IT tools were threatening security, while email sending was noted in 18 percent and “frequent downloads” in 15 percent of cases.

The Blue Coat analysis also found that just 2 percent of cloud users were responsible for “all data exfiltration, data destruction, and cloud account takeover attempts detected” – showing the importance for organisations to be able to identify those users and remediate their security exposure.

Better staff training was identified as one of three key security tips for companies concerned about their shadow-IT exposure; the other two were in identifying risky apps – which allows CSOs to “make smart choices regarding which apps to sanction” – and in visualising data by drilling down into discovered documents to analyse them and the business risk that their sharing presents.

Tools for monitoring shadow IT usage often elude businesses – particularly smaller ones with limited resources. Aiming to resolve this, Elastica recently began offering its auditing tools to Telstra, which is rebundling the services for provision to its managed security services customers.

Participate in CSO and Gigamon's survey on Security Priorities today!

Go into the draw for a chance to win an Apple iWatch Sports or the equivalent of $500 Visa Cashcard.

For full terms and conditions click here.

Start survey NOW!

Join the CSO newsletter!

Error: Please check your email address.

Tags healthcare providerscloud applicationseducationSalesforce.comMicrosoft Office 3652H 2015 Shadow Data ReportGoogle DriveBoxanalysiscloud-apphealthcare institutionsShadow-IT threatBlue Coat Systems’

More about AppleBlue Coat SystemsCSOElasticaGigamonGoogleMicrosoftSalesforce.comVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place