It is a pleasure to present an article in collaboration with Fabrizio Saviano.
Fabrizio is a dynamic cybersecurity leader with extensive experience as a Chief Information Security Officer (CISO) for top companies. He also served as an Intrusion Squad Officer at Polizia Postale, bringing a wealth of knowledge in cyber defense and security strategy. Fabrizio is the author of three influential books, including Cybercognitivismo and Come non essere spiati su internet, which explore the nuances of digital privacy and cybersecurity. His work combines practical expertise with a passion for educating others on navigating the digital world safely.
So without further ado…
Shadow Data and Ghost Data in the Era of Cloud Computing
In the era of cloud computing, data security has become a major concern for both individuals and organizations. Beyond the well-known concept of Shadow IT, two lesser-known but equally dangerous phenomena are emerging: Shadow Data and Ghost Data. These represent a new frontier in cybersecurity, bringing unique challenges and significant risks that need to be addressed with care and awareness.
Shadow IT: The Hidden Precursor
Before delving into Shadow Data and Ghost Data, it is important to understand the context in which they emerge. Shadow IT refers to the unauthorized use of cloud services such as WhatsApp, Gmail, WeTransfer, or Dropbox within an organization. These tools can be useful but create security, compliance, and cost control issues when used without IT department supervision.
Shadow Data: The Hidden Threat in the Cloud
Shadow Data is an extension of the concept of Shadow IT. It involves content that is improperly uploaded, saved, and shared on cloud storage platforms like Microsoft OneDrive, Google Drive, or Amazon Web Services. Their elusive nature makes it difficult for corporate IT security teams to monitor and protect this data. Risks associated with Shadow Data include insecure sharing, indexing of sharing URLs by search engines, and exposure of sensitive data.
One of the most evident dangers is vulnerability to online searches. Often, URLs used to share data can be discovered through hacking techniques like Google Dorks, making information potentially accessible to anyone. Additionally, incidents like those involving Amazon’s S3 storage have shown that even the most reliable cloud services can be vulnerable.
Ghost Data: The Phantom of Digital Past
Ghost Data represents an even more insidious risk. These are data that users believe they have deleted from cloud services but actually persist in providers’ storage systems. This phenomenon underscores a fundamental truth: data deletion in the cloud is not always permanent. The origins of Ghost Data can vary from incomplete file deletion to device disposal without proper data erasure, to loss or theft of inadequately protected devices.
The Extent of the Problem: Alarming Data
Recent research has revealed worrying data about the impact of Shadow Data and Ghost Data. It is estimated that 60% of security problems in cloud accounts stem from unprotected sensitive data. Furthermore, about 30% of analyzed cloud data stores contain Ghost Data, with 58% of this data including sensitive or highly sensitive information. These numbers highlight the urgency of addressing the issue of Shadow and Ghost Data seriously and proactively.To mitigate the risks associated with Shadow Data and Ghost Data, a multi-layered approach is essential.
First and foremost, user education and awareness are crucial. Users must be trained on the risks of improper data sharing and correct privacy practices in cloud services. It is also important to promote the use of strong passwords and develop a culture of cybersecurity within the organization.
Monitoring and Control are equally crucial. Companies should implement software for identifying and analyzing Shadow and Ghost Data, establish clear policies for their management, and conduct periodic reviews of data present in cloud systems and company devices.
Proactive protection includes using encryption tools for sensitive data and implementing secure backup systems. Additionally, solutions for secure and permanent data deletion are essential to ensure that deleted data cannot be recovered in the future.
Shadow Data and Ghost Data represent a growing challenge in the cybersecurity landscape. With the continuous evolution of cloud technologies and increasing reliance on these services, it is crucial that individuals and organizations remain vigilant and proactive in managing their digital data. The cybersecurity of the future will not only be a matter of advanced technology but also awareness and responsible behavior. Only through continuous and conscious commitment can we hope to navigate safely through the increasingly deep and complex waters of the digital world.
Recent Comments