Looking at global cloud use today, we see that 22% of cloud users actively share files in the cloud and 48% of all files in the cloud are eventually shared. Both are on the rise. The number of active sharing cloud users is up 33% over the past two years, and total files shared is also up 12% over the same period.
Percentage of cloud users who share files.
Percentage of files shared in the cloud.
If the 48% of files being shared were limited to party invites and pet photos, we’d have a much easier time managing our cloud risk. There are two areas that we need to draw our attention to here: what kind of data is being shared, and where it’s going. Let’s start with where:
Where cloud files are shared.
Two categories immediately raise red flags: personal email addresses, and anyone with a link. Anyone using a corporate cloud account and sending data to a personal email address is invariably removing that data from any oversight by the information security team. Even worse however is data shared to anyone with an open link, potentially leading to uncontrollable sprawl of data to completely unknown individuals and organizations. Once a file in a service like Box or OneDrive is set to open access by “anyone with a link”, that is essentially like running a web hosting service for the world, letting anyone hit that link and have the data.
Now of course the heart of the risk lies in the content of what’s being shared, and where it’s going. Currently 8% of all files shared in the cloud contain sensitive data. Over the past two years, files shared with sensitive data to “anyone with a link” have risen 23%, files sent to a personal email address are up 12%, and those shared with business partners up 10%. It’s imperative to understand and control how sensitive data is being shared to reduce risk while maintaining business acceleration through the use of the cloud.
Read our last Cloud Computing Security Risk blog post to find out how the rise of the cloud puts your data at risk.