A vast majority—90%—of data loss prevention (DLP) violations occur in cloud storage apps, mostly affecting enterprise confidential intellectual property or customer and regulated data.
According to the Summer 2015 Netskope Cloud Report, 17.9% of all files in enterprise-sanctioned cloud apps violate at least one DLP policy, which are internal rules set to govern the usage of personally identifiable information (PII), payment card information (PCI), personal health information (PHI), source code, profanity and confidential or top-secret information.
Of those DLP-violating files, one in five (22.2%) were shared with one or more people outside of the company.
Among the different types of mishandled sensitive content across aggregate Netskope Active Platform customers, more than half are either PII or PCI. The highest incidence of DLP policy violations occurred with PII at 26.8%, while PCI represented the second highest, at 24.3%.
The firm pointed out that the rate of mishandled information is probably actually much higher.
“It is worth noting that two things need to happen for a policy violation to occur: IT needs to set the policy, and a user needs to trigger it,” said Ashish Garg, a researcher at Netskope, in a blog. “So even if sensitive data is in the cloud, if it’s not being specifically targeted in a DLP policy, it won’t be detected. We expect confidential violations to grow in numbers as enterprises get to the next level with their custom, regex policies and identify more information they want to protect.”
At the same time, the report found that enterprises are beginning to consolidate apps, especially those in the marketing, collaboration and productivity categories. Overall, the average number of cloud apps used by enterprises has declined for the first time, from 511 in the last quarterly report to 483 now.
Unfortunately, those apps are no more secure than they ever have been—there was no corresponding increase in apps being enterprise-ready.
A whopping 89.6% of the apps lack the security, audit and certification, service-level agreement (SLA), legal, and vulnerability capabilities required for safe cloud enablement.
“With so many cloud apps in the enterprise lacking the capabilities required for safe enablement, it is imperative that IT possess a holistic view of cloud app usage to inform proactive policies that reduce the risk of losing sensitive data,” said Sanjay Beri, CEO and founder at Netskope, in a statement. “More than just knowing where violations occur, it’s important to know how they are occurring and what steps can be taken to mitigate such behaviors. While awareness is growing, it’s clear that there’s still a long road ahead to ensuring safer enterprise cloud app usage.”