Connect with us

Uncategorized

SHADOW DATA: A HIDDEN RISK IN THE GULF

Published

on

By Yazen Rahmeh, a Cybersecurity Expert at SearchInform

Digital transformation across the UAE and Saudi Arabia brings new opportunities and prospects for enhancing efficiency and growth. However, it also causes new challenges to data protection. As digital environments expand, data spreads across endpoints, cloud storage, and internal environments, escaping oversight by security and compliance teams.

This is shadow data, and it may be one of your organization’s most underestimated risk.

What Is Shadow Data?

Despite all efforts, some business data can be stored and processed outside official IT systems. As a result, a company won’t even know that such datasets exist.

There are a lot of reasons behind the creation of shadow data. Basic examples are:

  • Files stored in personal accounts. An employee can send important files to personal email or cloud storage “just in case.”
  • Access to corporate data from personal devices. A person can log in to corporate cloud services from a personal tablet or laptop. As a result, sensitive documents can be downloaded to a personal device.  This usually happens when someone is working overtime or wants to keep important files readily available.
  • Unaccounted copies of sensitive data. An employee can simply copy and paste records from a CRM system or a customer spreadsheet into a file on their workstation. As a result, sensitive data may bypass security controls, increasing the risk of data leakage.
  • Some business units can adopt SaaS services without oversight. Employees usually do it to boost their productivity or if whitelisted tools are perceived as slow or bulky.
  • Test datasets and temporary databases. Sometimes confidential data can duplicate during migration from one service to another or if developers use production data for test or development environments.

These examples may seem abstract, but the recent Cybersecurity and Infrastructure Security Agency (CISA) data leak shows that shadow data is a real-world threat.

The leak reportedly originated from a contractor’s GitHub repository, which was being used as a working scratchpad. The repository exposed various sensitive records, including AWS keys and plaintext passwords for internal CISA systems. An individual had simply copied sensitive data to make their work more convenient. To do so, the contractor disabled GitHub’s default security setting that prevents users from publishing secrets in public repositories.

Why Shadow Data Is a Business Risk

Increased Risk of Data Leaks

Consider a common scenario: an employee stores confidential data on a personal laptop or cloud service. As a result:

  • Sensitive records could be stolen via phishing or malware, as the laptop isn’t protected by enterprise-grade security controls.
  • An employee could share the laptop with other individuals. Shared devices increase the risk of data exposure.
  • Unauthorized cloud backups. An employee may configure automatic file backups to a cloud service. As a result, sensitive data can leave the protected perimeter and be duplicated in cloud storage, increasing the risk of unauthorized access or data leakage.

That’s how a small and seemingly irrelevant piece of ungoverned data could lead to a major incident. In fact, in 2024, one in three data breaches involved shadow data, according to IBM’s Cost of a Data Breach 2024 report.

One of the most recent cases of data leaks, involving shadow data, is the Abu Dhabi Finance Week exposure. An independent researcher discovered unsecured cloud storage with ID details.

Event representatives stated that only the researcher accessed the data and that the incident affected a limited number of participants. According to them, the issue was caused by a misconfigured cloud storage system managed by a third-party provider.

The incident is the perfect example of shadow data, as the data was copied outside of secured corporate infrastructure and had been left unmanaged.

Regulatory Pressure

Shadow data also presents compliance risks. When using a cloud service, it is essential to verify the geographic location of the data center where the data is stored. Data could be stored at a data center in a different country if you didn’t specify a server location.

As a result, if shadow data includes confidential records such as customer details or transaction records, it will be transferred and stored abroad. From a legal perspective, such misconfiguration is a cross-border transfer and lead to regulatory fines for violations of data protection regulations.

Saudi Arabia’s Personal Data Protection Law dedicates a lot of attention to data residency and cross-border transfers. Organizations, especially in regulated sectors, such as financial institutions, may be required to store certain categories of data within the Kingdom. Companies may need regulatory approval before transferring data to foreign data centers to avoid penalties.

Emirati businesses have less strict conditions for cross-border data transfers. However, there are limitations for banking, payments, healthcare, and telecom organizations and governmental entities. Companies from these industries must store confidential data, such as health records, payment transactions, and customer data, within the country.

Lack of visibility equals lack of control, and regulators do not accept invisibility as an argument.

How to Bring Shadow Data Under Control

Eliminating shadow data entirely is unrealistic. The goal is to make it visible and manageable without slowing down the business.

A Practical Starting Checklist

  1. Discover regulated data, especially data subject to local PDPLs requirements, cybersecurity frameworks issued by National Cybersecurity Authority in the KSA, and Information Assurance Regulation by TDRA in the UAE. It is essential to identify all information that qualifies as confidential and valuable, incl. unaccounted copies of such data.
  2. Map where this data is actually stored and shared, not just where it should be. Sensitive data can be stored on-prem or in cloud environments. Look for data discovery solutions. Ideally, choose a solution that combines data discovery and data classification, like DCAP software.
  3. Classify files & distribute access rights. Use specialized tools to analyze file content and classify it in accordance with a local classification scheme. The next step is to assign user access rights to sensitive data based on employees’ roles and responsibilities.
  4. Control data transfer channels, including cloud storage, SaaS tools, and USB-devices. Use DLP systems to prevent unauthorized spread of sensitive data. Advanced DLP solutions monitor cloud services, as well as traditional channels, such as email or web browsers.

Conclusion

Data protection is not a one-time initiative. It is an ongoing discipline. Security achieved today must still hold tomorrow — and next year.

Organizations that treat data security as a strategic investment, rather than a compliance obligation, build resilience, regulatory confidence, and long-term business stability.

Shadow data may be invisible. But its consequences are not.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Uncategorized

THE AUTHORITY OF SOCIAL CONTRIBUTION – MA’AN LAUNCHES LIFE SKILLS PROGRAMME IN AL AIN REGION, REINFORCING COMMITMENT TO UAE YEAR OF FAMILY

Published

on

In alignment with the UAE Year of Family, the Authority of Social Contribution – Ma’an, part of the Department of Community Development – Abu Dhabi, has launched its Life Skills programme, a flagship initiative designed to empower youth with the practical, technical, and creative skills needed to thrive.

The programme forms part of a wider portfolio of family-focused initiatives introduced by the Authority of Social Contribution – Ma’an to support national priorities that strengthen family cohesion, wellbeing, and long-term prosperity.

The Life Skills programme equips youth with practical training in areas such as digital media and artificial intelligence, and aims to be delivered through over 100 volunteers who will lead programmes that foster innovation, creativity, and community engagement. The programme has the capability to benefit more than 180 young members of the community, strengthening their readiness to navigate digital transformation and build an empowered youth generation creating positive impact in the community.

By bridging skill gaps and enhancing future employability, the initiative enables youth to actively contribute to their communities and play a vital role in Abu Dhabi’s social and economic development.

The programme further reinforces the authority’s objective to maximise the impact of social contributions through strategic initiatives that extend beyond individual support to empowering families and strengthening family cohesion, recognising the family unit as the cornerstone of a resilient, sustainable, and adaptable society.

His Excellency Abdullah Al Ameri, Director Generalofthe Authority of Social Contribution – Ma’an, said: “During the Year of Family, we are committed to aligning our efforts with the national agenda to strengthen family empowerment and advance initiatives that enhance their wellbeing and longevity. The Life Skills programme reflects these efforts by activating specialised volunteers to create opportunities for the youth as well as provide the tools and knowledge needed to play an active role in advancing community development.”

The initiative also highlights the power of collective action, bringing together partners, volunteers, and the community to create accessible learning opportunities that prepare youth for future challenges and opportunities.

By investing in youth development within a family-centric framework that reinforces the family as the fundamental pillar in raising future generations, the authority continues to play a pivotal role in nurturing a generation that is skilled, engaged, and ready to lead the future.

Continue Reading

Uncategorized

THE AUTHORITY OF SOCIAL CONTRIBUTION – MA’AN LAUNCHES LIFE SKILLS PROGRAMME IN AL AIN REGION, REINFORCING COMMITMENT TO UAE YEAR OF FAMILY

Published

on

In alignment with the UAE Year of Family, the Authority of Social Contribution – Ma’an, part of the Department of Community Development – Abu Dhabi, has launched its Life Skills programme, a flagship initiative designed to empower youth with the practical, technical, and creative skills needed to thrive.

The programme forms part of a wider portfolio of family-focused initiatives introduced by the Authority of Social Contribution – Ma’an to support national priorities that strengthen family cohesion, wellbeing, and long-term prosperity.

The Life Skills programme equips youth with practical training in areas such as digital media and artificial intelligence, and aims to be delivered through over 100 volunteers who will lead programmes that foster innovation, creativity, and community engagement. The programme has the capability to benefit more than 180 young members of the community, strengthening their readiness to navigate digital transformation and build an empowered youth generation creating positive impact in the community.

By bridging skill gaps and enhancing future employability, the initiative enables youth to actively contribute to their communities and play a vital role in Abu Dhabi’s social and economic development.

The programme further reinforces the authority’s objective to maximise the impact of social contributions through strategic initiatives that extend beyond individual support to empowering families and strengthening family cohesion, recognising the family unit as the cornerstone of a resilient, sustainable, and adaptable society.

His Excellency Abdullah Al Ameri, Director Generalofthe Authority of Social Contribution – Ma’an, said: “During the Year of Family, we are committed to aligning our efforts with the national agenda to strengthen family empowerment and advance initiatives that enhance their wellbeing and longevity. The Life Skills programme reflects these efforts by activating specialised volunteers to create opportunities for the youth as well as provide the tools and knowledge needed to play an active role in advancing community development.”

The initiative also highlights the power of collective action, bringing together partners, volunteers, and the community to create accessible learning opportunities that prepare youth for future challenges and opportunities.

By investing in youth development within a family-centric framework that reinforces the family as the fundamental pillar in raising future generations, the authority continues to play a pivotal role in nurturing a generation that is skilled, engaged, and ready to lead the future.

Continue Reading

Uncategorized

Jashanmal & Aurum Elixir by Ajmal Showcases Premium Father’s Day Gifting Range Across Lifestyle, Tech and Home Categories

Published

on

In celebration of Father’s Day, Jashanmal presents a carefully curated selection of elegant and practical gifts that combine exceptional quality with distinctive design. The collection features a variety of options to suit different tastes and interests, giving customers the opportunity to express their appreciation and gratitude to fathers with a meaningful gift that creates lasting memories.

Piquadro Recycled Fabric Laptop Bag:

Piquadro is an Italian brand known for innovative business bags and travel accessories that combine technology with craftsmanship. Focused on functionality, premium materials, and contemporary design, it creates smart solutions for professionals and travellers worldwide. This laptop bag, crafted from recycled fabric and leather, features a dedicated iPad® compartment, shock-absorbing protection, RFID protection, and a pocket for AirPods®, combining practicality with modern design.

Cross Accessories and Writing Instruments:

Cross is a global brand celebrated for fine writing instruments that blend craftsmanship and innovation. Founded in 1846, it pioneered iconic designs that combine elegance and functionality. Today, Cross offers premium pens and accessories that reflect timeless style and quality, making it a trusted name for professionals and creators worldwide.

De’Longhi Rivelia Fully Automatic Bean-to-Cup Coffee Machine with Bean Switch System:

De’Longhi is a global brand known for innovative products that blend style and performance. Founded in 1974 with electric radiators, it introduced icons like Pinguino, Tasciugo, Sfornatutto, and Rot-Fryer, expanding into all areas of the home. Today, De’Longhi’s range spans comfort, cleaning, and kitchen appliances, with coffee machines at its heart—making it a world leader in the category. The De’Longhi Rivelia Fully Automatic Bean-to-Cup Coffee Machine allows users to explore different coffee bean varieties through two interchangeable 250g bean hoppers that make switching between beans easy, while its intuitive 3.5-inch full-touch color display delivers an immersive and seamless user experience.

The Essence of Distinction

Aurum Elixir is a masterfully crafted unisex fragrance that balances bold presence with refined elegance. It weaves an unforgettable olfactory story through meticulously selected notes:

Continue Reading

Trending

Copyright © 2023 | The Integrator