Countless organizations and businesses store important, often sensitive data online, i.e., stored on or accessible over a network. This data may be embodied in a variety of forms, including databases, calendars, documents, email, and the like. This data may be stored online (or network accessible) in various systems and services, such as content management systems, electronic filing systems, database services, network storage devices, or other storage solutions.
In attempting to maintain the sensitive nature of the data, these services and systems attempt to restrict online access to the data, whether such access is simply to review the data, retrieve the data, or use and/or modify the data. The restrictions come in the form of policies that govern who can access the data, how the data can be accessed, where the data can be stored, and whether the data can be shared with others (and with whom). However, such restrictions and policies require both end-user knowledge of them and end-user goodwill in keeping them. Indeed, most data leaks occur because of mistakes and/or ignorance of policies governing data access. As such, there are numerous instances of both intentional and unintentional use of restricted data, many of which result in significant financial, personal or other unfortunate consequences.
Simple, yet common examples of unauthorized “data activity” include sharing content with someone not authorized to view the content, and/or storing protected data in an area where others not authorized to view it can access the data. Yet another example may be an employee maliciously leaking sensitive data to others, or an employee bypassing company policy by taking sensitive data upon leaving his job, thereby jeopardizing the security of the data and violating privacy constraints. Still another example is a malware attack that results in the exposure of sensitive data to a malicious organization.
For the systems and services that store the access-restricted data, unauthorized activity on the data exposes the system/service maintaining the data to potential business damage, financial loss, reputation damage, and legal and/or regulatory challenges due to violations of privacy regulations.