News from unprotected servers that expose user and corporate data is constant in the news and, according to a new survey, remains a constant threat. According to data from DoControl, 40% of data from companies in the SaaS (software as a service) sector is vulnerable and publicly accessible.
Research by the company specializing in security pointed out that the risk is not only in external access, by malicious agents or not, to volumes, but also in insufficient internal policies. More than just having information available, many companies in the industry do not invest in security and access policies, allowing employees to view and share data, often without proper authorization and protection.
According to the DoControl survey, 20% of volumes are shared internally with a simple link, which if passed on to third parties, can also provide access to servers. Meanwhile, 8% of employees work mixing personal and professional profiles, increasing the possibility of internal data leakage and compromise, since even cryptographic keys can be found in such vulnerable infrastructures.
Want to catch up on the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Everyday a summary of the main news from the tech world for you!
Policy issues also appear in information management, with some of the cases cited in the report pointing to volumes whose access was shared by up to 15,000 people, including thousands of external partners, suppliers and even potential customers who shouldn’t necessarily view the information . In 18% of cases, this view was still allowed even after user accounts were deleted, posing a danger, too, after layoffs or employee cuts.
According to the director of information security at JupiterOne, Sounil Yu, visibility is the best way to increase security in SaaS companies. Managing data as well as user access, as well as preventing a possible proliferation of corporate information, helps prevent infrastructure leaks and compromises. Authentication and monitoring mechanics are among the main measures.
Source: DoControl, Security Magazine
Did you like this article?
Subscribe your email on Canaltech to receive daily updates with the latest news from the world of technology.