Companies do not (yet) master the management and protection of application data in SaaS mode – IT SOCIAL

In a survey of data vulnerability in SaaS environments across 717 companies, Varonis researchers found that 81% of companies unintentionally expose sensitive data.

As companies deploy the solutions and pipelines needed to exploit data and adopt cloud services, hackers are on the lookout for the tiniest loophole to gain access and raid these coveted assets. To detect these vulnerabilities, companies use tools for monitoring and enforcing security policies. But while they focus on setting up data analysis tools to inform their decisions, companies have only a vague idea of the proliferation of configuration errors, privileged accounts and access permissions granted. In addition, security teams must deal with data from a growing number of applications and services used in SaaS mode, in multicloud and hybrid environments. According to the new Varonis report, The Great SaaS Data Exposure, “on average a company has an alarming amount of sensitive data exposed not only to all employees, but also, and in many cases, to the entire Internet. It is a ticking time bomb waiting to explode,” the report states. Varonis investigators analyzed 10 billion objects, 15 petabytes of data from 717 organizations. These organizations operate in different sectors such as finance, health, energy and services, tech and public bodies… The data was collected from companies around the world, particularly in the United States, Canada, the United Kingdom, France, Germany, Spain, Brazil and Australia.

81% of companies unwittingly expose sensitive data

To gather this metadata, the investigators scrutinized SaaS and IaaS applications and services, such as Microsoft 365, Box and Okta. Admittedly, these figures do not reflect the situation of each company, but they are a good indicator of the security state of data in companies that are more advanced in their data exploitation projects. It would also be necessary to correlate the figures collected with the size of the company and with the practices and averages of its sector. Despite these shortcomings, the figures are a good illustration of the state of computer systems and data in companies. The result is instructive to say the least: while 81% of the companies surveyed unwittingly expose sensitive data, in this batch, 10% of the data is accessible to all employees. With the popularity of the subscription model and SaaS, companies have seen the number of access authorizations multiply. But what’s worse is that an average of 4,468 user accounts do not use multi-factor authentication, or about 6 accounts per company surveyed. The super admin accounts found are fewer, but there are still 33 of them, more than half of which do not use multi-factor authentication.

12,000 Microsoft 365 sharing links

Among the accesses, Varonis researchers found more than 12,000 Microsoft 365 sharing links, which expose data company-wide and to individual employees. Regarding the data exposed, the storage of the panel companies contains an average of 157,000 sensitive files exposed to everyone on the Internet via SaaS sharing functions, “which represents 28 million dollars in risk of data breach”, says the report. As for the composition of these petabytes of data, the researchers established the content of a terabyte taken as a model. On average, each terabyte in the cloud contains over 6,000 sensitive files, nearly 4,000 folders shared with external contacts, and over 2.1 million permissions. With so much data hoarded in a single terabyte, it’s easy to understand the proliferation of successful attacks. According to Varonis, it takes “about six hours per folder to manually locate and delete global access groups, create and apply new groups, and then populate those groups with the correct users who need access to the data. For 1,000 files, this represents 6,000 hours of manual work”.
