The focus of this report is on cloud data loss prevention (DLP). In our cloud, we identify policy violations for DLP profiles, including personally identifiable information (PII), payment card industry information (PCI), protected health information (PHI), source code, profanity, and “confidential” or “top secret” information.
Two of our most dramatic findings were that, when our customers scanned their content at rest in sanctioned apps, 17.9 percent of all files violated a DLP policy and, of those, 22.2 percent were shared with one or more people outside of the company.
Drilling further into DLP violations, we looked at violation type. Over half of the DLP violations across aggregate Netskope Active Platform customers are either PII or PCI, with the next category being a custom, regular-expression catch-all “confidential” violation. While this is probably not unexpected, it is worth noting that two things need to happen for a policy violation to occur: IT needs to set the policy, and a user needs to trigger it. So even if sensitive data is in the cloud, it won’t be detected unless a DLP policy specifically targets it. We expect confidential violations to grow in number as enterprises get to the next level with their custom regex policies and identify more information they want to protect.
| Rank | Category | Percent DLP Policy Violations |
|---|---|---|
| 1. | Personally Identifiable Information (PII) | 27% |
| 2. | Payment Card Industry Information (PCI) | 24% |
| 3. | Confidential or Top Secret | 17% |
| 5. | Protected Health Information (PHI) | 12% |
One thing we noticed was the activities associated with these violation types. When it comes to PII, PCI, and PHI, there are more violations associated with the “upload” and “download” of data than any other activity. We also looked at categories, finding that 90 percent of all DLP violations happened in Cloud Storage. The remaining 10 percent occurred in Webmail, here for more findings and our top three quick wins for enterprise IT.