Netwrix’s Data Risk & Security Report: Cloud Data Sharing a Big Problem

The majority of employees in the education vertical are putting data at risk by sharing through non-IT-approved cloud apps.

That finding comes from cybersecurity vendor Netwrix in its new Data Risk & Security Report. The company revealed more than half (54%) of the 1,045 IT professionals surveyed say education staff are circumventing weak controls; this heightens the chances that confidential information will fall into the wrong hands.

Other stats include:

If anything, the statistics should serve as a call to action for cloud- and security-centric channel partners — especially as Netwrix pointed out that all this activity was happening even before the COVID-19 pandemic forced schools to close. Since then, organizations have rushed to accommodate distance learning. Yet cybersecurity still has taken “a back seat to operational resilience,” said Steve Dickson, Netwrix CEO.

Channel partners can work with IT teams – regardless of vertical – to help them fix the problems. The first step calls for understanding the sensitive data in place, then classifying it by level of confidentiality.

Netwrix’s Steve Dickson

“Second, they need to ensure that the data is stored securely, prioritizing the most important data,” Dickson said. “And last, they need to adopt healthy security practices for granting permissions in order to avoid data overexposure.”

World Tour

The Netwrix Data Risk & Security Report contains other key cloud-related details as well. For example, when it came to regional control over data sharing, Asia Pacific reported the lowest capabilities.

Managed service providers, resellers, system integrators and other partners specializing in this part of the world have ample opportunity, it appears. Netwrix cited a high rate of cloud adoption in APAC. That means many organizations now store and share sensitive, regulated data there — but they apparently are not securing it well. Almost one-quarter (22%) of respondents said they had experienced a data-sharing incident in the past 12 months. Netwrix said that of all the regions it analyzed, that was the highest number. In more than half (56%) of those cases, incident discovery took days, and half of the incidents resulted in a data breach.

In addition, most of the respondents from Asia Pacific said they do not have automated tools for monitoring user behavior. Just more than a quarter (26%) of them track data-sharing manually, while another 28% do not track it at all.

Nonetheless, IT professionals in Asia Pacific are not alone in their struggles. Teams in the U.K. face the same uncontrolled data-sharing problems, according to Netwrix. To that point, 39% of respondents in the U.K. are certain employees are sharing sensitive data through the cloud, outside of IT’s auspices. But, like their counterparts in Asia Pacific, they aren’t sure. That’s because 29% of them do not track data sharing at all, and just 18% do it via manual processes.

Opportunity may prove especially ripe for the indirect channel in France. Despite problems with security incidents stemming from data sharing, and ongoing unauthorized data sharing via the cloud, no organization in France participating in the Netwrix survey has automated processes for tracking employee behavior. This remains the case even as 22% of IT professionals said their organization has suffered a security incident because of data sharing, and another third are sure employees continue to violate policies.

Finally, the United States is on the same trajectory as its Asia Pacific and European peers: Thirty percent of U.S. respondents said their employees also share data through cloud applications outside of IT’s control, Netwrix found in its 2020 Data Risk & Security Report.