As hybrid work becomes the norm in business, so does data sprawl. Data sprawl refers to the spread of company information to various places, which often comes from dispersed and unmanaged cloud app use. In fact, within businesses worldwide, 1 in 5 employees use personal apps to upload, create, share, or store sensitive information, which equates to valuable, personal data in far too many unsecure, rogue locations.
As apps, services, and tools that enable hybrid work infiltrate corporate networks, attackers are quickly taking advantage of the increasing blind spots. Here’s what security leaders can do to better understand this trend and mitigate the effects of data sprawl.
Understanding app use in the workplace
To properly protect data, security teams need to know where it is and who can access it. If sensitive files, archives, and analytics are spread across different cloud platforms, visibility can be nearly impossible. The problem grows exponentially if employees use several external apps to share and store the same data.
Within an average company, it is common for employees to collectively upload, create, share, or store data in roughly 138 different external apps in their daily work. Many of the apps overlap in function, with an average of four webmail apps, seven cloud storage apps, and 17 collaboration apps in use. This presents a major opportunity for cybercriminals, and a massive problem for security teams.
Recent security incidents capitalizing on increased app use
As app use within the workplace becomes a mainstay in business, cybercriminals are gaining access to sensitive data through applications that are not secure. These malicious actors can easily infiltrate cloud apps, or disguise themselves as such apps, making it difficult for security teams to differentiate legitimate cloud tools from threatening malware.
This happens more often than one might think. For example, Microsoft recently went through a major security investigation after employees uploaded sensitive login credentials to GitHub, giving attackers a gateway into the company’s internal systems. The information was linked to an official Microsoft tenant ID and could be used to access other points in Microsoft’s internal system.
There are countless examples of such security incidents happening in the real world. Communications firm Twilio fell victim to a phishing attack earlier this year, in which hackers took login credentials belonging to roughly 10,000 individuals by imitating popular sign-on services. Investigators say the attackers intended to steal business-specific details from corporate social media accounts, hijack the business’ financial details stored on the sites, and even run their own ad campaigns with money from the targeted firms. The attackers used cloud services like Dropbox, iCloud, and MediaFire to convince victims to download the malware.
Incidents like these cause organizations to reactively prioritize better security policies, which include data visibility and monitoring, but a proactive strategy can be more effective in safeguarding sensitive data amid such massive data sprawl.
Data sprawl control by industry
Security teams can look at specific verticals to understand what’s working (and what’s not) when it comes to limiting data sprawl in the workplace. The finance sector, for instance, is a prime example of an industry that has more stringent security controls and regulations, therefore limiting apps in the workplace.
The Netskope Threat Labs team recently found that fewer than 1 in 10 employees in finance use personal applications at work. Instead, they use managed apps that are closely monitored by security teams.
Other sectors are having a more difficult time limiting data sprawl, given the remote nature of the business and less stringent industry regulations. Retail employees, for example, are using a slew of cloud apps in the workplace regularly. In fact, 40% of users in the retail industry are uploading data to personal apps. It is crucial for IT security teams, not just in this sector but across all industries, to take proactive measures to help minimize the risk of data sprawl.
Best practices in limiting data sprawl
With the right security strategies and policies in place, security teams can confidently embrace cloud services and hybrid working environments without worrying about data sprawl. This will look different for each company, depending on factors like size, security maturity levels, and goals. However, a few initial security best practices remain a constant and these include:
- Enroll all internal apps in single sign-on (SSO). This enables centralized user management and ensures that when employees leave the organization, you have a centralized location where you can remove their access to all cloud resources that contain sensitive company data.
- Configure controls to limit movement of sensitive data to unmanaged apps and app instances. Implement security controls that are app-aware and instance-aware to prevent users from storing sensitive information in unauthorized locations. For example, security controls should be capable of differentiating between a user’s personal Google account and the company’s Google Workspaces account and preventing users from uploading sensitive data to the former. Policies could be configured based on a user’s device, location, or risk.
- Monitor for risky user behavior. User behavior analytics can complement the security controls described above by identifying risky user behaviors, such as sudden increases in downloads from managed apps and app instances or uploads to unmanaged apps and app instances. These behaviors can help identify areas that might need stricter controls or users who might require more training.
- Train employees thoroughly. With proper policies and controls in place, the next step is to effectively communicate these policies to employees. Partner closely with HR to make security training a regular function of employee onboarding and annual training. Make sure your policies include threats from departing employees to ensure they do not upload company information to personal apps before leaving the organization. This practice can post a major threat to companies, especially amid a time of increased resignations.
It is becoming increasingly challenging to protect data amid the shift to hybrid work, specifically when it comes to the growing use of cloud apps. Companies’ journey to the cloud must bring with it stringent security policies and the proper security infrastructure to get ahead of unruly app use and the massive data sprawl challenge that stems from it. Hybrid work will only be successful if organizations, and specifically their security teams, take a proactive approach to limiting data sprawl.
Source: https://www.helpnetsecurity.com/2022/11/08/limiting-data-sprawl/