Before his retirement, an employee of the Office of the Comptroller of the Currency (OCC) uploaded more than 10,000 OCC records onto two removable thumb drives. He retired in November 2015; the agency didn’t discover the breach until the following September. That left almost a year between breach and detection. The OCC was not able to recover the thumb drives.
It illustrates what happens when business administrators fail to adequately oversee how employees handle sensitive corporate data. Many companies attempt to combat this problem by cracking down on Shadow IT – the employee use of unsanctioned apps and devices.
But even when using sanctioned apps, employees can still engage in behaviors that expose their company to data risks. This problem is called Shadow Data. As more companies take a liberal approach to cloud app provisioning, they need to make sure that all apps – including vetted ones – are carefully secured, optimized and monitored. Al Sargent, senior director at OneLogin, offers the following seven tips enterprise leaders can follow to maintain data oversight and reduce the risks posed by Shadow Data.