SaaS apps like Zoom and DropBox have thrived while employees work from home. Theses apps may have made life easier for the workforce, but can be considered a headache for IT departments if there is lack of visibility. On average, there are 3 to 4 times more SaaS apps in use at a company than the IT department is aware of, and it is estimated that by 2022, 90 percent of enterprises will rely on SaaS apps to execute business objectives. The use of Shadow IT and the growing rate of SaaS apps highlights the gaping holes in a company’s security posture.
It has been reported there are over 60,000 “malicious hacking attempts” every day in the UK alone – a number only set to increase as remote working has weakened organizations’ traditional security perimeter of the office, creating multiple access points for hackers to gain entry. But there is also another issue plaguing the IT team: just how much data is at stake?
Unstructured data: The gateway for cybercriminals
Whilst SaaS applications house large volumes of structured and unstructured data, it is the unstructured data that causes companies the biggest problems – think selfies, videos, audio files, even email files. Lacking proper identity security policies which can govern employee access to these SaaS apps and the data stored in them is a major cybersecurity risk for organizations, with unstructured data the leading contributor to the rise in security compromise.
To gain a better understanding of the risks companies face with regards to SaaS applications and the data they store, we recently conducted a survey with Dimensional Research to better recognize the state of unstructured data and surrounding security practices.
This research shows the complexities arising in keeping our data secure, and under control. Already we see 92 percent of companies moving their unstructured data to the cloud. However, 76 percent of companies having encountered challenges with protecting their unstructured data, including unauthorized access, data loss, compliance fines and more.
More than 4 out of 10 companies admitted they don’t know where all of their unstructured data is located. Nearly every company surveyed reported managing access to unstructured data as difficult, specifying numerous challenges such as too much data, a lack of single access solution for multiple repositories and lack of visibility into access – including where data lives and who owns it. In fact, 68 percent of those surveyed indicated that they have low confidence in their ability to identify the correct data owner.
The answer? Access
It is unsurprising, given this data, that a Canalys report found companies spending record sums on cybersecurity in order to protect the rapid digital transformation we have experienced over the last year. 50 percent of European businesses stated that investing in new security technology was their highest prevention spending priority. Yet, despite these efforts and intentions, the number of successful attacks continues to be higher than ever, with Canalys reporting that “more records were compromised in just 12 months than in the previous 15 years combined.”
Looking even more closely at the research, we can connect the dots between these findings and the rise in cloud adoption, the unstructured data that resides in the apps and systems in the cloud, and IT’s attempts at securing this monster network of information. The answer lies in access. Our survey found more than a quarter of companies fail to perform regular reviews of user access privileges, with one-third of companies lacking real-time alerting when unauthorized access occurs with unstructured data.
Identity is key
There are clear challenges when it comes to governing unstructured data. Yet, businesses are struggling to put the correct procedures in place to reduce risk. It starts with going back to basics. IT professionals need to understand what data is stored, who owns it and who has access to it. But is it really that simple?
Over half of companies (53 percent) reported that updating access privileges is a manual process and this can eat up resources. Resources that IT teams often don’t have. Managing permissions alone results in having to add new users, update privileges as roles change and remove access for those leaving the company. This is a labor-intensive task even for companies with minimal churn. But leaving a business open to such a high level of risk is likely to have a detrimental impact on everything from reputation to finances – a far greater threat than stretched resources.
By extending identity security at the implementation stage to manage data access, there is hope. This solution provides an automated approach for updating user access levels, logging where data is, clarifying the type of data stored, and alerting companies to unauthorized access. When IT has all the information and visibility on an organization’s users and their access – both data and applications – they have the power to quickly make the right decisions, even in the event of a data breach.
With the migration to cloud and an increasing reliance on various repositories and independent tools, managing unstructured data is even more of a challenge. In fact, most surveyed listed “No single solution to manage access across all unstructured data repositories” as the top issue when it comes to managing unstructured data. Companies therefore need to find a solution that manages access across both cloud and on-premises repositories, and that acts as a single source of truth about both the data and its users.
Grady Summers, EVP Product, SailPoint