The NCAA’s March Madness is upon us, and basketball fans everywhere are filling out their brackets and placing bets on which teams will rise and which will fall. These teams are made up of talented individuals who work hard towards perfecting their craft, backed by coaches who mentor them to greatness. Like these coaches, organizations play a big role in coaching their staff to behave in ways that benefit the organization as a whole.
Just-in-time coaching proves effective
Skyhigh found that just-in-time coaching of user behavior delivers significant results. For example, when organizations display a coaching message to user when s/he attempts to access a high-risk cloud service, they saw a 65% decrease in the use of high-risk cloud apps on average. They also enjoyed a 97% overall reduction of in data sent to high-risk file sharing services, This represents a significant reduction in security and compliance risk given that 22% of files sent to file sharing services contain sensitive data.
DLP concerns outside of file sharing
Our research also found that, beyond file sharing, 4% of the fields in CRM applications contain a wide range of PII pertaining to an individual including but not nearly limited to: social security number, policy number, driver’s license number, and date of birth (age). Organizations will want to take a closer look at their Salesforce.com or other CRM instance to understand the implications for security and compliance.
Most common responses to DLP violations
For companies who have extended their DLP policies to the cloud, Skyhigh analyzed actions trigged by policy violations and uncovered the remediation actions that occurred most often:
- 60% – email alert to the violator/end-user
- 31% – quarantine or tombstone a file
- 26% – modify permissions to restrict sharing with external users
- 13% – encrypt the data
The data shows that, just as organization can coach users on appropriate services to use, they can also coach users when it comes to uploading appropriate content to cloud services. We also see that today’s organizations more frequently take the coaching approach in response to DLP violations. Educating users is an effective way to reduce the risk associated with using cloud apps, particularly file sharing services.
To see more data on how the cloud is used by enterprises and their employees today, download our latest Cloud Adoption and Risk report below.