A recent survey by Varonis highlighted that, on average, a single terabyte of data in the cloud contained more than 6,000 sensitive files, nearly 4,000 folders shared with external contacts, and more than 2.1 million access permissions. In fact, the average company has: 

• 10% of cloud data exposed to every employee 
• 4,468 user accounts without MFA 
• 40+ million unique permissions 
• 12,000+ M365 sharing links 
• 157K sensitive records exposed to everyone on the internet  
• 33 super admin accounts 
• 6% of all cloud data exposed to the entire internet 

The rapid pace of cloud transformation and adoption of cloud applications, particularly M365, has left IT staff with a monumentally difficult task of now untangling and mapping access permissions across their cloud estates. There are vastly more SaaS permissions to manage than on-prem alternatives, so the potential for data exposure, accidental or malicious, has increased exponentially. It’s a real headache for those responsible for securing your company’s ‘crown jewels’.  

Take M365 for example where it takes, on average, about six hours per folder to locate and manually remove global access groups, to create and apply new groups, and then subsequently populate those groups with the right users who need access to the data. For 1,000 folders, that’s 6,000 hours of work if you’re attempting this manually!  

Thankfully there is an easier way to manage your access permissions, enforce the principle of least privileged access, and reduce your attack surface. As a first step, we would suggest conducting a free data risk assessment with our partner Varonis. You can view an example output report from the exercise here. If you’d like to understand how much data you have, how much of it is sensitive, where it is stored, who has access to it, how often it is accessed and much more, then use the form below to request your risk assessment. 

We’re running an event on this topic – click here to find out the details: