Cloud proliferation is a big problem for organizations, with business teams tasked with building cloud systems and services themselves, often without IT oversight. This leads to a proliferation of data in the cloud, as data is scattered across different environments. If the IT department is not familiar with cloud systems and services, it also does not manage the data collected, processed and stored there.
We all know about shadow IT: systems and network devices in the organization’s environment that IT doesn’t manage. Similarly, phantom data refers to unmanaged data storage copies and snapshots or log data that are not part of the IT department’s backup and recovery strategy. Cyera researchers estimate that 60% of data security posture issues in cloud accounts stem from unsecured sensitive data.
Then there is the issue of ghost data.
When data is deleted from cloud systems, it does not completely disappear. Copies persist in datastore backups or snapshots. Ghost data refers to copies left behind after the original has been deleted, and recent analysis from Cyera shows that companies have plenty of it.
After analyzing the three major cloud providers (Amazon Web Services, Azure, and Google Cloud), Cyera researchers found that over 30% of analyzed customer cloud data stores are ghost data and over 58% contain sensitive or very sensitive data. For example, researchers have found insecure database snapshots in non-production environments that contained sensitive customer data where the original database had been destroyed. Researchers also discovered sensitive personal and authentication data in plain text where production data and the application were no longer in use.
Ghost data generally has no business value – the data was deleted for a reason – and its presence unnecessarily increases business risk. Attackers don’t care whether they get their hands on the original sensitive information or the copy, because to them all data has value, no matter what form it takes. Organizations are still liable if attackers get their hands on phantom data. The data security provisions of industry-specific regulations such as HIPAA, PCI DSS, and Sarbanes-Oxley still apply.
Organizations need to reduce cloud data exposure to reduce data sprawl. Good data hygiene in clouds will also help clean up data when it is no longer in use.
Finally, ghost data can increase an organization’s cloud costs: researchers found over $50,000 worth of excess data storage snapshots kept in a cloud environment.
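The orphaned snapshots described above can be found by comparing a snapshot inventory against the databases that still exist. The following is an added example, not code from Cyera or from the original article; it assumes the inventory has the shape of the JSON returned by `aws rds describe-db-instances` and `aws rds describe-db-snapshots`, and all sample records are constructed.

```python
from datetime import datetime, timezone

# Constructed sample inventory. In practice these dicts would come from
# json.load() on the output of the two AWS CLI commands named above.
INSTANCES = {"DBInstances": [{"DBInstanceIdentifier": "orders-prod"}]}
SNAPSHOTS = {"DBSnapshots": [
    {"DBSnapshotIdentifier": "orders-prod-nightly", "DBInstanceIdentifier": "orders-prod",
     "SnapshotCreateTime": "2024-05-01T02:00:00+00:00", "Encrypted": True,
     "AllocatedStorage": 200},
    {"DBSnapshotIdentifier": "legacy-auth-copy", "DBInstanceIdentifier": "legacy-auth",
     "SnapshotCreateTime": "2022-11-01T00:00:00+00:00", "Encrypted": True,
     "AllocatedStorage": 50},
    {"DBSnapshotIdentifier": "crm-staging-final", "DBInstanceIdentifier": "crm-staging",
     "SnapshotCreateTime": "2023-01-15T00:00:00+00:00", "Encrypted": False,
     "AllocatedStorage": 100},
]}
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so results are reproducible


def find_ghost_snapshots(instances_doc, snapshots_doc, now):
    """Return snapshots whose source database no longer exists.

    Unencrypted ghosts sort first, then oldest first, so the riskiest
    copies are at the top of the review list.
    """
    live = {i["DBInstanceIdentifier"] for i in instances_doc["DBInstances"]}
    ghosts = []
    for snap in snapshots_doc["DBSnapshots"]:
        if snap["DBInstanceIdentifier"] in live:
            continue  # source still exists: a managed backup, not ghost data
        created = datetime.fromisoformat(snap["SnapshotCreateTime"])
        ghosts.append({
            "snapshot": snap["DBSnapshotIdentifier"],
            "deleted_source": snap["DBInstanceIdentifier"],
            "encrypted": snap["Encrypted"],
            "age_days": (now - created).days,
            "size_gib": snap["AllocatedStorage"],
        })
    ghosts.sort(key=lambda g: (g["encrypted"], -g["age_days"]))
    return ghosts


def total_ghost_gib(ghosts):
    """Storage still being billed for data whose original was deleted."""
    return sum(g["size_gib"] for g in ghosts)


if __name__ == "__main__":
    found = find_ghost_snapshots(INSTANCES, SNAPSHOTS, NOW)
    for g in found:
        print(g)
    print("ghost storage (GiB):", total_ghost_gib(found))
```

A snapshot flagged this way still needs a data owner's decision before deletion, since some orphaned snapshots are retained on purpose for legal or audit reasons.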