Glossary

Shadow Data

Shadow data is any sensitive or confidential data that is leaked from a device, system, or cloud service, whether intentionally or inadvertently.
Examples of shadow data include:

● An employee sharing confidential information without malicious intent, mistakenly thinking the data wasn't sensitive

● Any data that was unknowingly duplicated or abandoned

● Any data that lies somewhere in the enterprise, but is not a part of the enterprise-wide data management platform

Why is Shadow Data a Bigger Problem in the Cloud?

With more enterprises moving to the cloud, the concern of shadow data is increasing.

Cloud-based collaboration and team-sharing apps like Office 365, Google Drive, and Dropbox are all vulnerable to shadow data threats. Apart from these file-sharing apps, users may store sensitive data in video-sharing devices, CRM apps, and online tools. It's also easier than ever for data and R&D teams to create or move data in the cloud when building new models or applications. All of these contribute to the shadow data problem.

How Shadow Data Puts the Business at Risk

Because shadow data refers to data that administrators are unaware of, the risk to the business depends on the sensitivity of the data. Customer and employee data that is improperly secured can lead to compliance violations, particularly when financial or health data is at risk. There is also the risk that company secrets can be exposed, as in this example, where an open S3 bucket contained company source code.

Data Discovery Tools - How they Help, and What They're Missing

Data discovery tools are meant to address this problem, but while they can find abandoned data, they can't identify how critical the data is for the business. Not all data is created equal, and not every piece of shadow data will contain sensitive data that must be remediated immediately.

Data Security Posture Management - The Complete Approach for Fixing the Shadow Data Problem

Ultimately, what's needed to eliminate the threat of shadow data is a tool that not only discovers shadow data, but understands what security posture the data is supposed to have and can make recommendations for how best to secure any shadow data that's found. Gartner's Hype Cycle for Data Security in 2022 identified Data Security Posture Management (DSPM) as an 'on the rise' category. DSPM adds context to data discovery by not only finding the shadow data, but understanding its risk to the business as well as how it should be secured. You can learn more about DSPM in this blog: What is Data Security Posture Management? 
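The difference between plain discovery and discovery with posture context can be shown in a short sketch. This is an added example, not code from any DSPM product: the store names, sample contents, patterns, and scoring weights are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed inventory: every name and value here is made up for illustration.
CATALOG = {"s3://prod-customer-exports", "s3://finance-ledger"}  # known to data management

@dataclass
class Store:
    uri: str
    public: bool
    encrypted: bool
    sample: str  # small content sample pulled during scanning

INVENTORY = [
    Store("s3://prod-customer-exports", False, True, "name,email\nA. User,a.user@example.com"),
    Store("s3://ml-scratch-copy", True, False, "ssn=123-45-6789 card=4111111111111111"),
    Store("s3://old-build-artifacts", True, True, "build 1841 ok; warnings: 3"),
    Store("s3://hr-backup-2019", False, False, "employee,email\nB. User,b.user@example.com"),
]

# Illustrative classifiers with assumed weights; real classification is far broader.
PATTERNS = {
    "ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), 5),
    "card": (re.compile(r"\b\d{16}\b"), 5),
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), 2),
}

def discover(inventory, catalog):
    """Discovery only: stores that exist but are missing from the catalog."""
    return [s for s in inventory if s.uri not in catalog]

def classify(store):
    # Map each matching data type to its sensitivity weight.
    return {name: w for name, (rx, w) in PATTERNS.items() if rx.search(store.sample)}

def triage(inventory, catalog):
    """Discovery plus context: rank uncatalogued stores by sensitivity and exposure."""
    findings = []
    for s in discover(inventory, catalog):
        hits = classify(s)
        exposure = (2 if s.public else 0) + (0 if s.encrypted else 1)
        score = sum(hits.values()) * (1 + exposure)
        actions = []
        if hits and s.public:
            actions.append("remove public access")
        if hits and not s.encrypted:
            actions.append("enable encryption")
        if not hits:
            actions.append("review for deletion")
        findings.append((score, s.uri, sorted(hits), actions))
    return sorted(findings, reverse=True)
```

`discover` returns three uncatalogued stores with no ordering between them, while `triage` puts the public, unencrypted copy holding identifiers first and the build artifacts last.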
