Latest Study Reveals High Prevalence of Personal Health Information at Risk
Netskope, the leading cloud access security broker, today announced the release of the Fall 2015 Netskope Cloud Report™ on enterprise cloud app usage and trends. For the first time, in this report trends were broken down by industry vertical, including healthcare and life sciences; financial services, banking and insurance; retail, restaurants and hospitality; manufacturing; and technology and IT services. According to the report, the healthcare and life sciences vertical is responsible for 76.2 percent of all cloud data loss prevention (DLP) policy violations among the billions of total app instances tracked.
Among the different types of mishandled data within healthcare and life sciences, protected health information (PHI) accounts for an alarmingly high 68.5 percent of violations in cloud apps. PHI includes sensitive data about health status, provision of healthcare, or payment for healthcare that can be linked to a specific individual. Personally-identifiable information (PII) accounted for an additional 13.7 percent of violations. The technology and IT services vertical had the second-highest proportion of total violations, at 14.2 percent.
Enterprise Cloud App Usage Continues to Grow
The report found the average number of cloud apps used per enterprise rose by five percent, to 755 total, after coming in at 715 in the Summer 2015 Netskope Cloud Report. 91 percent of these apps are not enterprise-ready, lacking key functionalities such as security, audit and certification, service-level agreement, legal, privacy, financial viability and vulnerability remediation. Within specific verticals, technology and IT services had by far the highest number of cloud apps in use, averaging at 1,157 apps per enterprise. Healthcare and life sciences had the second-highest total at 1,017 cloud apps.
Although activities like “download” and “share” are typically associated with apps in the cloud storage category, activities related to data leakage and exposure are also prevalent in key app categories like human resources (HR) and business intelligence. “Download” ranks as the fourth most common activity in HR apps and “share” leads as the top activity in business intelligence cloud apps.
“In the wake of a series of high-profile breaches and data loss events, there’s a growing consensus from the board level down that recognizes the need for greater visibility and actionable policies to govern cloud usage and protect sensitive data,” said Sanjay Beri, co-founder and CEO, Netskope. “By better understanding where and how policy violations commonly occur, enterprises have a detailed picture of cloud app ecosystems and their respective industries to better mitigate risk.”
Breakdown of DLP Violations by Industry Group
Reviewing aggregate, anonymized data in the Netskope Active Platform, Netskope identified DLP violations in sensitive content at rest in sanctioned cloud apps and en route to or from a variety of sanctioned and unsanctioned cloud apps. Overall, 9.4 percent of all scanned files in sanctioned cloud apps have triggered a DLP policy violation, down from 17.9 percent in last season’s report. The dip in violations shows organizations are becoming more proactive about both detecting and protecting sensitive data in the cloud using a combination of e-discovery, encryption and quarantine workflows. Below is a chart illustrating the breakdown of DLP violations in content at rest in sanctioned cloud apps and their percentage by industry groups:
|Industry Group||Percentage of Total Files With A DLP Violation|
|Healthcare and Life Sciences||21.1%|
|Technology and IT Services||14.2%|
|Financial Services, Banking and Insurance||5.7%|
|Retail, Restaurants, and Hospitality||2.5%|
Top DLP Policy Violation Types in the Netskope Active Platform
When drilling deeper into violation types, PHI makes up the bulk of DLP policy violations in cloud apps across the Netskope Active Platform population, at 68.5 percent. According to the Health Insurance Portability and Accountability Act (HIPAA), 18 categories of sensitive data are categorized as PHI, including health insurance details and personal contact information. As shown above, healthcare and life sciences enterprises (as a combined 27.6 percent of the user base in the Netskope Active Platform) account for the vast majority of total DLP policy violations, at 76.2 percent of the total. Retail, restaurants, and hospitality enterprises (accounting for 6.5 percent of Netskope users) account for 6.7 percent of all violations.
|DLP Policy Violation Type||Percentage of Total DLP Violations|
|Protected Health Information (PHI)||68.5%|
|Personally-Identifiable Information (PII)||13.7%|
|Payment Card Industry Information (PCI)||7.5%|
|Confidential, Top Secret or Other Regular Expression||5.9%|
- Download the Netskope Cloud Report
- Learn more about how to gain visibility into enterprise cloud apps and how to ensure they are secure and compliant
- Visit the Netskope Hub for the latest commentary and insight on trends from the Netskope team
About the Netskope Cloud Report
Based on aggregated, anonymized data from the Netskope Active Platform, which provides discovery, surgical visibility and control over any cloud app, the report’s findings are based on millions of users in hundreds of accounts in the global Netskope Active Platform from June 1 through August 31, 2015.
Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. To learn more, visit our website.