Good talking with Salim Hafid, Product Manager at Bitglass, about the results of its latest data security study, Datawatch: Avoiding the Riptide of Corporate Data Exposure. As adoption of cloud and mobile continues to rise, common employee practices inside and outside the workplace create risk for enterprises.
“Over the past several years, organizations have enabled employee mobility and collaboration by deploying cloud,” said Rich Campagna, Bitglass CEO. “A single risky login or unauthorized share can subvert a company’s entire security investment.”
To uncover the risks posed by users’ data-related habits, the Bitglass Threat Research Team tested real-world scenarios – frequency of connections to unsecured Wi-Fi hotspots, the rate of external sharing in cloud applications, and the volume of corporate credentials already exposed.
With Wi-Fi hotspots set up in random public spaces, Bitglass was able to capture and analyze user traffic. In the 10-hour sample period, one in five people connected to the unsecured hotspots. Had a malicious hacker done the same, more data could easily have been captured. While public Wi-Fi is a known risk, the study demonstrates the frequency with which employees put data and credentials at risk.
The experiment found that:
One in five individuals connected to Bitglass’ unsecured Wi-Fi over the 10-hour sample period, a slightly longer time frame than a typical work day.
21 people accessed enterprise cloud applications over the unsecured Wi-Fi hotspot, including Office 365, Salesforce, Adobe Marketing Cloud, ADP, Slack, and Asana – putting corporate data at risk.
Two connected devices navigated to known malware hosts, creating additional risk for data compromise.
I was surprised only 20 percent of individuals connected to the unsecured Wi-Fi as I thought people were looking for free Wi-Fi access everywhere they went. I know I am - especially when traveling. Perhaps there were other branded sites available?
Separately, the Bitglass team analyzed the cloud applications of its enterprise customers to uncover the volume of shared cloud data. These cloud applications, designed to enable sharing and collaboration, have become a major risk and one of the top drivers of enterprise data leakage.
The team found that:
51 percent of data stored in Google Drive is shared with individuals outside of the enterprise – significantly more than data in other apps.
Roughly 19 percent of corporate data stored in Dropbox is publicly available.
In organizations with Office 365 deployed, 69.5 percent of OneDrive data is shared internally on average.
According to Salim, only 10 to 15 percent of companies are using a cloud access security broker (CASB). Gartner estimates 85 percent of Global 2000 companies will be using a CASB by 2020 given the importance of protecting data and meeting regulatory requirements.
In addition to investing in a CASB, organizations need to take a holistic view of security, protecting data in line with their policies and controls while deploying proper access controls.