SURVEY: Do SA businesses have the data visibility they think they have?
ITWeb, in partnership with Netskope, recently conducted a data protection survey targeting information and IT security professionals across southern Africa. The survey sought to understand the current trends related to data protection, data loss and the usage of unsanctioned cloud applications (shadow IT).
Rich Davis, head of cyber security strategy, EMEA, at Netskope, says, “Two years ago, many companies had a handle on where their data lived and how to control it. That changed in an instant with the onset of the pandemic and the need for people to continue to work, changing locations and devices, and adopting cloud technology.”
Almost half (48%) of the organisations surveyed were not aware of any data loss incidents in the past year, which, on the face of it, would seem to be a positive outcome. However, when the survey looked at organisational visibility, only 32% of organisations say they have good visibility into both SaaS and IaaS applications.
Davis continues, “This leaves two-thirds of organisations with visibility gaps – so one must ask the question: of the 50% of organisations who claimed to have not lost any data, how many simply don’t have the visibility they need to confidently monitor data? This is also at odds with the 84% who said they were prepared or very prepared to deal with data loss/theft.”
Visibility into SaaS apps is vitally important to protect the organisation from malwarebased threats. “For the first time, the Netskope Cloud and Threat Report 2022 breaks down statistics by continent. In the case of Africa, the most popular hosting location for malware is Microsoft Onedrive, far more popular in Africa compared to North America and Europe. Furthermore, two thirds of the malware hosting locations are popular SaaS applications including Google Drive and Weebly. In fact, Weebly was more popular in Africa than any other worldwide region, accounting for over 10% of all malware downloads,” he explains.
“The risk posed to organisations is often not from the apps that they manage, but from the long list of unsanctioned apps being used by the people in the organisation, often referred to as ‘shadow IT’. Most next generation firewalls and secure web gateways lack two key pieces of visibility to monitor usage: instance awareness; and action awareness.”
How do you differentiate between a corporate instance of OneDrive, a business partner or personal instance, or perhaps an instance hosting malware? Davis says, “This requires instance awareness and, in turn, requires a technology specifically designed to understand the language used to communicate with each and every SaaS tool.
“Secondly, action awareness is an important factor to consider, as this allows organisations to not simply block unsanctioned SaaS apps, but to allow controlled access, permitting most actions, but prohibiting certain actions such as upload or sharing.
“The other aspect to consider here is user acceptance: how do you let your users continue to use the apps that help drive productivity, without making them jump through too many hoops – this is where action awareness and user coaching comes in.”
The good news is that most organisations have put in place security awareness training initiatives, with 74% of respondents claiming to be prepared or very prepared. “Poor user experience has often been the downfall of many previous technologies, as well as attempts to control data, so user awareness training and ‘just-in-time’ coaching are two critical factors to consider when deploying new technology.”
Finally, 90% of organisations say that a move to hybrid has changed how they decide on new technology and this is also driving adoption of a new ‘zero trust’ perimeterless approach to securing people and data. “It’s clear from the survey results that South African organisations are heavily using IaaS and SaaS apps, with only 25% of data loss incidents related to data residing within the network and should consider a move to a security services edge platform,” he advises. “At Netskope, we prefer to use the term ‘continuous adaptive trust’ rather than ‘zero trust’ as this better reflects how people work.”