Survey: 40% of U.S. Companies Reported a Data Leak in the Past Year
A big cause of data leaks is improper implementation of zero trust and full trust approaches, SysKit says.
Jan. 31, 2023
A new survey of 205 U.S. IT professionals from SaaS company SysKit revealed that 40% of companies experienced a data leak in the last 12 months.
“Data leaks have multifaceted costs. Companies face losing business-critical certifications, receiving huge fines, hurting reputation, losing customers, and losing their competitive edge,” SysKit said.
Improper implementation of zero trust and full trust approaches can lead to data leaks, SysKit said. Fifty percent of respondents consider the full trust approach to governance optimal, and 68% believe the zero trust approach limits collaboration capabilities, according to the survey.
The full trust approach simplifies the collaboration inside and outside of the company. It can decrease the IT admin workload by adjusting the workspace settings so that anybody in the company can create new channels, groups, or workspaces and have all the permissions usually dedicated only to managers or global admins. This is aligned with the result that most respondents (68%) deem that the zero trust approach limits collaboration capabilities.
However, this approach opens Pandora’s box where organizations’ security is based on the hope or presumption that all employees have enough cybersecurity awareness. Additionally, insider threats and risky behavior are hard to track. Without comprehensive software to track activities like changing permissions or document sharing, organizations are opening themselves to losing valuable information. Full trust increases the chances of a data leak and increases uncontrolled workspace sprawl, which encompasses the creation of duplicated and redundant data spread over the tenant. Which, in turn, impacts the functionality and speed of search and business efficiency and increases the chance of a data leak and oversharing.
So, even though IT admins consider full trust the preferred approach, the majority report that external collaborators present a security threat in their IT environment.
The survey found that one in five IT professionals prefer the zero trust approach, although it also has significant drawbacks, according to SysKit.
Although some cybersecurity experts consider it a proactive approach, IT admins have to deal with endless tickets and responsibilities that could have easily been transferred to resource owners and managers.
The airtight philosophy of zero trust slows down business processes and creates more manual work for admins. Also, it limits the capabilities to collaborate with external parties. In such scenarios, to be able to conduct their work, employees turn to shadow IT under which the company has no control.
The survey also found that most IT admins (82%) believe non-tech employees who are resource owners should be more involved in data reviews and care of their team’s workspaces. However, when asked about their specific IT governance skills, half of the respondents reported non-tech employees do not know how to apply external sharing policies properly, 56% consider they do not know how to apply provisioning policies, and 30% report their colleagues are not taking care of their inactive content. This lack of skills can lead to data leaks, uncontrolled workspace sprawl, and additional storage costs, SysKit said.