Cloud DLP and Other Findings Lead to Three Quick Wins for Enterprise IT | Cloud industry forum

By: Sue Goltyakova, Netskope
June 2015

In our Netskope Cloud Report for Summer 2015, we’re taking a new approach. Prior reports shared findings on cloud usage; in this report (and going forward!) we will also deliver some “quick wins,” or recommendations, based on those findings.

This season’s report focuses heavily on cloud data loss prevention (DLP). In our cloud, we identify policy violations for DLP profiles, including personally identifiable information (PII), payment card industry information (PCI), protected health information (PHI), source code, profanity, and “confidential” or “top secret” information, both at rest in cloud apps and en route to or from them.

Two of the most dramatic findings in this report concern content at rest in sanctioned cloud storage apps: 17.9 percent of it violated a DLP policy, and of those files, more than one out of five, or 22.2 percent, were exposed publicly, or shared with at least one person outside of the corporate domain. This is a significant exposure, and it is easily addressable. This leads us to quick win #1: Discover sensitive content in your sanctioned apps and eliminate public access. Notify internal collaborators.

We also looked at what categories and activities were most associated with DLP violations, and found that 90 percent of such violations occurred in the Cloud Storage category, with more “upload” and “download” violations than any other activity. This concentration of category and activity informs quick win #2: Enforce your cloud DLP policies on data-compromising activities in apps containing sensitive data. Start where most violations occur: uploads and downloads in Cloud Storage. 

For the first time since we began releasing this report, we noticed a decline in the average number of apps per enterprise. It went from 511 per enterprise in the EMEA region (and 730 globally) in our last report to 483 in EMEA (and 715 globally). Our customers tell us they are getting more serious about standardizing on their corporate-sanctioned apps. They’re using policy, education, and user coaching to drive usage consolidation. We believe the decline in average apps is a direct result of this effort, which leads us to quick win #3: Consolidate on popular apps that are also enterprise-ready. Use app discovery as a guide, and get there with user coaching.