ghost-data-increases-enterprise-business-risk

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Ghost Data Increases Enterprise Business Risk

Cloud sprawl is a big issue for organizations, with business teams to spinning up cloud systems and services on their own, often without IT oversight. That leads to cloud data sprawl as data is scattered across different environments. If IT doesn’t know about the cloud systems and services, then IT is also not managing the data being collected, processed, and stored there.

We all know about shadow IT, the systems and network devices in the organization’s environment that IT is not managing. Similarly, shadow data refers to unmanaged data store copies and snapshots or log data not part of IT’s backup and recovery strategy. Researchers at Cyera estimate that 60% of the data security posture issues present in cloud accounts stem from unsecured sensitive data.

Then there is the problem of ghost data.

When data gets deleted from cloud systems, it isn’t fully gone. Copies linger in backups or snapshots of data stores. Ghost data refers to those copies left behind after the original has been deleted, and Cyera’s recent analysis show that enterprises have quite a lot of it.

After scanning the three major cloud providers (Amazon Web Services, Azure, and Google Cloud), Cyera researchers found that over 30% of scanned customer cloud data stores are ghost data and more than 58% contain sensitive, or very sensitive, data. For example, researchers found unsecured database snapshots in non-production environments that contained sensitive customer data where the original database had been destroyed. Researchers also uncovered sensitive personal and authentication data in plain text where the production data and application were no longer in use.

Ghost data usually has no business value – the data was deleted for a reason — and having it around unnecessarily increases business risk. Attackers don’t care if they get their hands on the original sensitive information or the copy because to them, all data has value, regardless of the form it takes. Organizations still are on the hook if the attackers get their hands on ghost data. The data security provisions of industry-specific regulations like HIPAA, PCI DSS, and the Sarbanes-Oxley Act still apply.

Organizations need to reduce cloud data exposure to reduce data sprawl. Proper data hygiene across clouds will also help clean up data when it is no longer in use.

On a final note, ghost data can increase the organization’s cloud costs: Researchers found over $50,000 in excess data store snapshots being retained in a cloud environment.

Related News

Schoolyard Bully Malware Stealing Facebook Credentials on Android

Schoolyard Bully Malware Stealing Facebook Credentials on Android

Mobile security company Zimperium’s zLabs has released a warning about a notorious Android trojan that has stolen around 300,000 credentials…
8 Reasons Why Enterprises Use Java

8 Reasons Why Enterprises Use Java

Java is one of the most well-known programming languages and software platforms that is used on countless devices such as…
360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

360m Alleged WhatsApp Records Shared Freely on Telegram and Dark Web

Previously we covered the news of a database containing 487 million up-to-date WhatsApp user records from 84 countries being sold…