SOURCE: Elastica


October 23, 2014 09:00 ET

Elastica Analysis Reveals 20% of Broadly Shared Files in Cloud File Sharing Apps Contain Compliance Related Data

"Shadow Data" Expands Threat Surface, Places Enterprises at Increased Risk of Compliance Violations and Data Breaches

SAN JOSE, CA--(Marketwired - Oct 23, 2014) - Elastica (, the leader in Data Science Powered™ Cloud Application Security, today unveiled an infographic detailing results of its security analysis of more than 100 million files being shared and stored in leading public-cloud applications. Research revealed that 20 percent of broadly shared files contain compliance-related data, 5 percent of enterprise users are responsible for driving 85 percent of the exposure risk, and employees each store an average of 2,037 corporate files in the cloud.

Further analysis revealed that files being stored and shared among insiders and outsiders hold sensitive personal health information (PHI) regulated by HIPAA, personally identifiable information (PHI) such as social security numbers, and customer payment card information regulated by the Payment Card Industry Data Security Standard (PCI DSS).

Shadow Data: The Growing Threat

The research uncovered that sensitive data shared broadly within and outside organizations without IT security teams' knowledge, known as "shadow data," is an emerging threat within enterprises that are integrating cloud applications into their infrastructures. The extreme volume of sensitive and regulated data being shared in the shadows is placing global organizations at risk of costly compliance violations and major data breaches that could impact millions of consumer identities and accounts as well as corporate IP.

"While uncovering shadow IT is important, the massive adoption of file sharing services demands deeper analysis of 'shadow data' to understand what is being exposed via the cloud and the level of risk and threats this poses for the enterprise," said Rehan Jalil, President & CEO of Elastica. "The advanced data science algorithms within the Elastica CloudSOC platform reveal these risks and allow organizations to define and enforce policies that prevent data breaches and compliance violations."

Over-Sharing puts Data at Risk

Based on results gathered through the Elastica CloudSOC™ platform, which enables transaction-level security for cloud apps and services, Elastica discovered that enterprise employees are each storing an average of 2,037 files and that these files are being shared directly with other internal users, across companies with select users and with the public at large. Data is being placed at risk primarily via files being shared broadly across entire organizations, externally and publicly. Scans on these high-risk files revealed:

  • 68 percent are shared with the whole company, across functional groups
  • 19 percent are shared with external users
  • 13 percent are shared publicly

Compliance Violations
In particular, regulated data is in jeopardy, including personally identifiable information (PII), PHI and consumer payment card information. Of all the files that are broadly shared, the analysis found 20 percent contain compliance related data, with the following breakdown:

  • 56 percent contained PII, including social security numbers
  • 29 percent contained PHI
  • 15 percent contained payment card information

Few Users Drive Majority of Risk
Research also indicates that the vast majority of risk is associated with a relatively small number of users. Just 5 percent of the users sharing high-risk content are driving 85 percent of the resulting risk exposure. This finding highlights the value of identifying the highest-risk users in an organization. In doing so, IT security teams can hone in on the biggest impact in resolving compliance risks.

Additional Resources:

Interact with Elastica:

About Elastica:
Elastica is the leader in Data Science Powered™ Cloud Application Security. Its CloudSOC™ platform empowers companies to confidently leverage cloud applications and services while staying safe, secure and compliant. A range of Elastica Security Apps deployed on the extensible CloudSOC™ platform deliver the full life cycle of cloud application security, including auditing of shadow IT, real-time detection of intrusions and threats, protection against intrusions and compliance violations, and investigation of historical account activity for post-incident analysis. Learn more about Elastica at Follow us on Twitter @ElasticaInc

Contact Information

  • Media Contact:
    Joe Franscella
    Bhava Communications for Elastica