One Out of Five Sensitive Files Exposed Publicly

June 9, 2015 Ashish Garg

Netskope Cloud Report - Sensitive Data

Today we released our Cloud Report for Summer 2015 – global as well as and Europe, Middle East and Africa versions.

The focus of this report is on cloud data loss prevention (DLP). In our cloud, we identify policy violations for DLP profiles, including personally-identifiable information (PII), payment card industry information (PCI), protected health information (PHI), source code, profanity, and “confidential” or “top secret” information.

Two of our most dramatic findings were that, when our customers scanned their content at rest in sanctioned apps, 17.9 percent of all files violated a DLP policy and, of those, 22.2 percent were shared with one or more people outside of the company.

Drilling further into DLP violations, we looked at violation type. Over half of the DLP violations across aggregate Netskope Active Platform customers are either PII or PCI, with the next category being a custom, regular expression catch-all “confidential” violation. While this is probably not unexpected, it is worth noting that two things need to happen for a policy violation to occur: IT needs to set the policy, and a user needs to trigger it. So even if sensitive data is in the cloud, if it’s not being specifically targeted in a DLP policy, it won’t be detected. We expect confidential violations to grow in numbers as enterprises get to the next level with their custom, regex policies and identify more information they want to protect.

  Category Percent DLP Policy Violations
1. Personally Identifiable Information (PII) 27%
2. Payment Card Industry Information (PCI) 24%
3. Confidential or Top Secret 17%
4. Source Code 16%
5. Protected Health Information (PHI) 12%
6. Profanity 4%

One thing we noticed was the activities associated with these violation types. When it comes to PII, PCI, and PHI, there are more violations associated with the “upload” and “download” of data than any other activity. We also looked at categories, finding that 90 percent of all DLP violations happened in Cloud Storage. The remaining 10 percent occurred in Webmail, CRM, and Social Media.

So, based on these findings, what can you do to mitigate risk and protect data in the cloud? Download the report here for more findings and our top three quick wins for enterprise IT.

The post One Out of Five Sensitive Files Exposed Publicly appeared first on Netskope.

Previous Article
Two Trends are Linked: Growth in Office 365 and Decline in Overall Apps
Two Trends are Linked: Growth in Office 365 and Decline in Overall Apps

Two Trends are Linked: Growth in Office 365 and Decline in Overall Apps

Next Article
5 Ways that Steve Kerr would coach users on how to safely use the cloud
5 Ways that Steve Kerr would coach users on how to safely use the cloud

I was just a young kid in 1975 the last time the Golden State Warriors won...