By Amit Shaked, CEO of Laminar
“Shadow IT” — the technology, hardware, software, or projects not under the purview of IT teams — was once a major threat to enterprise cybersecurity. Because shadow IT didn’t undergo the same security procedures as other supported technologies, IT teams were left in the dark regarding what apps were in use that might have placed the company at risk of a data breach.
Fortunately, as companies became more aware of the issue and technology became more advanced, IT teams figured out ways to mitigate the problem such as implementing guidelines on approved applications and restricting user access to certain sites and services.
While the days of staying up and worrying about shadow IT may be mostly over for security professionals, a new nightmare has emerged in its wake.
It’s Not A Monster Under the Bed, It’s Data
In 2021, around 50% of all corporate data was stored in the cloud. The mass migration to the cloud brought organizations data democratization, allowing greater access to data for those who need it.
The mass accessibility that came with the boom of the cloud, however, breeds greater risks without the proper precautions — which is how the new threat of “shadow data” emerged.
Shadow data is company data that is likely copied, backed up, or housed in a data store that is not universally governed under the same security structure or kept up-to-date. As a result, this data is more likely to be misconfigured, unmonitored, and violate organizational privacy policies making it an easy target for adversaries.
A primary reason shadow data occurs is that developers and data scientists have free reign to spin up new datastores with very little data security oversight. Many organizations also miss leftover data from cloud migration projects, leaving it floating around unmanaged and unmaintained.
The cloud is a complex monster that data security teams are trying to catch up with. A critical ongoing challenge hindering data security teams today — and ultimately causing shadow data to be created — is that as more and more organizations move toward the cloud they have not been able to keep a tab on where all of their sensitive data resides.
This is a problem because after all, a data security team simply cannot protect what they do not know about. IT teams must prioritize visibility into cloud data including 3rd party access.
Shadow Data Factors to Consider
When organizations are working on their projects, developers are building and testing programs. Because of the fast-paced work, the developers copy data and fail to properly remove or securely store the copied information. This “supposed to be temporary and ending up persistent” datastore is a perfect example of shadow data.
As highlighted above, hackers often target shadow data, making it an organization’s biggest vulnerability. What is worse is that, in a lot of cases, this data is not used anymore. It is left forgotten about or not even visible to corporate IT teams. On the whole, the people in your organization who should know about these stores of data don’t know about them, leaving them less protected and open prey to large-scale attacks.
The Real Life Consequences of Shadow Data
The real-life consequences of shadow data have made headlines. As an example, recently, the massive gaming company SEGA suffered a data breach. The company inadvertently left sensitive data such as users’ personal information and API keys publicly accessible on an Amazon Web Services S3 bucket.
The accident made it easy for hackers and cybercriminals to dig into many of SEGA Europe’s cloud services. Fortunately for SEGA, the problem was discovered and further access to sensitive data was contained due to the efforts of its internal security team, combined with a team of external security researchers.
How to Fix the Issue
To avoid instances like SEGA’s, organizations need the capability to continuously and automatically discover and classify data for complete visibility, secure and control said data to improve data risk posture, and detect data leaks and remediate them without interrupting data flow. These simple approaches can go a long way in preventing devastating breaches. With complete visibility and detection, organizations will be able to expose shadow data, protect it and continuously monitor for leaks.
Currently, data protection teams are unable to properly locate where sensitive data resides in the cloud. Organizations must be able to prioritize their activities based on the sensitivity of the data as well as the risk of the security posture. To overcome the challenges rising in this cloud-first world, security teams need a new set of cloud-native tools that continuously monitor their environments. Having full visibility helps organizations expose where their shadow data is, reducing the attack surface either by eliminating it or properly protecting it. Data security teams transition from gatekeepers to gate openers allowing the business to thrive in a fast-paced environment.
