Best moments from “Hacking Shadow Data” – Super Cyber Friday

Check out our highlights from Super Cyber Friday “Hacking Shadow Data: An hour of critical thinking about discovering and managing sensitive data in unauthorized locations.”

Watch the full video.

Our guests for this discussion were:

HUGE thanks to our sponsor Polar Security

Best Bad Idea

Congrats to Brian Colt, information security engineer, DASH Financial Technologies for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Label all sensitive data ‘Polo.’ Run around the Internet yelling ‘Marco’ to force it to reveal itself.” – John Prokap, leader, IT security & compliance, Success Academy Charter Schools

“Have all employees sign a waiver that they will be responsible for their own data if they want to use hosted apps.” – Neil Saltman, VP of strategic accounts, Sotero

“Default label for all data is ‘public’ so if it goes somewhere it isn’t supposed to, no big deal.” – Brian Colt, information security engineer, DASH Financial Technologies

“When users click save, all the data is destroyed. When they call to ask where it went, you reply ‘The Shadow knows’ and then hang up.” – Dutch Schwartz, principal security specialist, AWS

10 percent better

“DNS filtering to block unsanctioned cloud storage.” – Brian Colt, information security engineer, DASH Financial Technologies

“Facilitate an approachable IT department that is seen as a force multiplier rather than a necessary point of friction. This will make business leaders less likely to use SaaS products outside of IT.” – Brian Colt, information security engineer, DASH Financial Technologies

“Gradually move the organization to API-centric data access/storage.” – Mathew Biby, CISO, Satcom Direct

Quotes from the chat room

“The BUSINESS is almost certainly the OWNER of the data. IT/Tech team are usually the CUSTODIANS.” – David Peach, founder, principal, Illuminate Risk

“Take a look through your widely accessible network shares or SharePoint. Guaranteed there is sensitive data there rather than a more restricted storage location.” – Brian Colt, information security engineer, DASH Financial Technologies

“Identify data not accessed in 6 months or more, move it somewhere and remove all access and see who yells within next 6 months. Eighty percent chance that data is shadow data. Then focus on the stuff that is most used and find someone who can actually tell you what it is.” – Renee Guttman, former CISO, VC advisor

“Part of solving this issue is educating folks about proper digital hygiene, including how they use (create, update, delete, transfer, etc.).” – Mathew Biby, CISO, Satcom Direct