Data Sprawl: What You Don’t Know Can Hurt You

Mobile devices and inexpensive, easy-to-use, cloud file-sharing services make it easy to work anywhere and anytime. Such access has become essential to competing in an always-connected world.

But this new reality makes it much harder to identify which employees are sharing which data, much less understand and mitigate the resulting security risks.

Risk #1: Cloud

At Forcepoint, Chief Information Security Officer Allan Alford has seen “…companies that were proud of their cloud migrations but who very quickly, with a little bit of uncovering, determined they had as much ungoverned cloud activity as they had governed cloud activity, and were absolutely hemorrhaging intellectual property.”

Many lack awareness about their actual use of such services, he says, because they “don’t have a formal cloud strategy in place, but rather an ad hoc approach, or even worse no specific knowledge of what activity is actually taking place at all.”

Other companies are doing a better job of managing the risk of data sprawl. These often include financial services firms and retailers who must comply with the PCI DSS (Payment Card Industry Data Security Standard) for credit card data. Their awareness of the risk has grown, Alford says, after breaches showed how point-of-sale systems could be used both to steal data and to insert malware into the enterprise.

Risk #2: Consumer Devices

Employees using mobile technologies such as tablets and smartphones to access, edit, and share corporate data pose both inbound and outbound security risks. The inbound threat is of a user clicking on a malicious email attachment or visiting a suspect web site, then having their device become infected with malware that could travel to the corporate network.

The outbound threat: a user could access sensitive corporate data from their personal tablet or smartphone and, intentionally or unintentionally, send it to an unauthorized outside party.

Managing the Risk

The first step to managing the risk is to “identify what’s going out the door,” says Alford, then assess the amount and sensitivity of the data that is leaving without authorization. Tools and platforms such as Forcepoint CASB (cloud access security broker) in conjunction with Forcepoint DLP (data loss prevention) can help identify the data in question and its risk profile.

The next step is to find the owners of the data and explain those risks (including potential compliance issues) to build their support for remediation measures. It is only through such education that business managers can strike the proper balance between keeping data safe and making it accessible enough to drive better business decisions or create innovative products and services.

In the case of ungoverned cloud services, says Alford, an organization might choose to block their use completely or “roll the ungoverned into the governed” using tools such as single sign-on technologies, DLP, and a cloud access security broker to manage what data can move to the cloud.

Forcepoint’s human-centric cybersecurity systems protect your most valuable assets at the human point: the intersection of users and data over networks of different trust levels.