Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Firms Have 200+ Unencrypted ‘Password’ Files in OneDrive

Organizations must take greater responsibility when it comes to the security and compliance of their OneDrive data, according to a new report from Skyhigh Networks.

The cloud access security broker (CASB) analyzed usage data for more than 27 million employees working at over 600 enterprises and found serious lapses – particularly concerning when over 58% of sensitive cloud data is stored in Office documents.

OneDrive was the most popular Office 365 app, used by 79% of organizations analyzed with over 100 users.

However, the CASB found that the average enterprise has 204 files containing the word “password” in the file name stored unencrypted in OneDrive.

“Generally, security experts don’t recommend storing all of your passwords in an unencrypted Word or Excel document, whether you store it in the cloud or on your computer,” the report noted. “Some of this data is sensitive but can be safely stored in the cloud with appropriate controls in place.”

What’s more, the practice is getting worse. There were only 143 such files found in Q3 2015.

With this kind of security practice at play it’s perhaps not surprising that 71% of organizations studied have at least one account compromised per month, 57% have at least one insider threat each month and almost half have a privileged user threat every month.

The problem is compounded by virtue of the huge volume of user-generated events in Office 365 each month – an average of 5.4 million. Of these, 256 were judged by Skyhigh Networks to be “anomalous” and just 2.7 actual threats – although the trick is finding this needle in a haystack.

“The challenge for enterprises today is how to develop the people, processes, and technology to identify these threats against the background noise of everyday Office 365 usage,” the report claimed.

Under Microsoft’s shared responsibility model, Redmond will take care of “platform security” but it’s down to individual customers to apply security and compliance controls to use the apps safely.

Skyhigh Networks EMEA director, Nigel Hawthorn, claimed that the number of sensitive cloud documents stored in Office formats will only increase as OneDrive is integrated more tightly into Office 365.

“Therefore, it’s imperative for businesses to educate their employees about how to safely store documents in the cloud; and that need is even more vital in industries where the nature of data is likely to be highly sensitive such as in financial services or healthcare, two of the biggest users of Office 365,” he added.

What’s Hot on Infosecurity Magazine?