Microsoft Cloud App Security Overview
Moving to the cloud increases employees’ flexibility and reduces IT cost, but it also introduces new challenges and complexities for keeping your organization secure. To get the full benefit of cloud applications, an IT team must find the right balance of supporting access while maintaining control to protect critical data.
What is Cloud App Security
Microsoft Cloud App Security is a comprehensive service that provides deeper visibility, comprehensive controls, and improved protection for your cloud applications. Cloud App Security is designed to help you extend the visibility, auditing, and control you have on-premises to your cloud applications.
Cloud App Security is a critical component of the Microsoft Cloud Security stack. It is a comprehensive solution that helps organizations take full advantage of the promise of cloud applications while maintaining control with improved visibility into activity.
It also increases the protection of critical data across cloud applications. With tools to help uncover Shadow IT, assess risk, enforce policies, investigate activities, and stop threats, organizations can safely move to the cloud while maintaining critical data control.
Microsoft Cloud App Security is a component of Microsoft Enterprise Mobility + Security E5 and enables customers to discover and secure all the cloud apps in their organizations. Once the apps are discovered, customers can put comprehensive controls in place for management and monitoring.
Cloud App Security framework
Visibility – The discovery engine uses logs from an organization’s firewalls and proxies to determine which apps are being used. It can discover 13,000+ apps today. No client-side agents are required, so the discovery process does not block production systems. Discovery can also ingest log data on a regular schedule so that the information stays up to date automatically.
Once apps have been discovered, Cloud App Security assigns a risk score based on 60+ parameters. This risk score is based on each app’s security mechanisms and compliance regulations. Here is what the Discover section of the Cloud App Security dashboard looks like.
Data control – Once applications have been discovered, administrators can set controls for each app and choose to sanction or block apps. Admins can also use what are called App Connectors to monitor what happens in sanctioned apps.
Policies are used to enable granular control for approved apps. These policies govern data in the cloud, such as files stored in cloud drives, attachments, or data within cloud apps. Finally, the policies are enforced by Cloud App Security to help admins identify policy violations and investigate at the user, file, or activity level. When a policy is enforced, it can quarantine files, remove permissions, block sensitive transactions, and more.
Threat protection – Ongoing threat protection enables Admins to identify anomalies in their cloud environment that could indicate a breach and leverage behavioral analytics to assess risk in each transaction.
Cloud App Security can also identify and stop known attack patterns originating from risky sources, with threat prevention enhanced by the vast Microsoft threat intelligence capabilities.
Why do you need Cloud App Security?
Cloud applications are in use by most enterprises today, and we will soon reach the point where more corporate data is stored in the cloud than on-premises. Moreover, everyone is using the cloud, and even companies without official SaaS apps in use have substantial Shadow IT usage of the cloud.
We know from past customer surveys that over 80% of employees admitted to using unapproved SaaS apps for corporate usage.
Let me share some brand new data from Microsoft Cloud App Security that will help put the scope of the Shadow IT challenge that many organizations face into perspective:
- On average, each employee uses 17 cloud apps, but many organizations don’t know what is in use or whether these apps meet security, privacy, and compliance requirements
- In 91% of organizations, employees grant their personal accounts access to the organization’s cloud storage
- 70% of the organizations allow cloud admin activity from non-corporate, unsecured networks
- 75% of privileged cloud accounts are not in use. These accounts might be eating up the cost of a license, or worse, increasing the attack surface of the organization
- On average, an organization shares 13% of its files externally, of which 25% are shared publicly
It is important for security teams to have deep visibility, strong controls, and threat protection for cloud apps. That is why we created Cloud App Security: to provide you with an easy and comprehensive solution so you can gain visibility into your cloud app usage and start controlling it via policy.
Technical brief and Sign up
Cloud App Security integrates visibility with your cloud by:
- Using Cloud Discovery to map and identify your cloud environment and the cloud apps your organization is using
- Sanctioning and unsanctioning apps in your cloud
- Using easy-to-deploy app connectors that take advantage of provider APIs for visibility and governance of apps that you connect to
- Giving you continuous control by setting and then continually fine-tuning policies
Microsoft Cloud App Security architecture
Data retention & Compliance – Cloud App Security is officially certified with Microsoft Compliance for ISO, HIPAA, CSA STAR, EU model clauses, and more. To see the full list of certifications, go to Microsoft Compliance Offerings, and select Cloud App Security.
When Cloud App Security performs content inspection, data privacy is enforced. The file content is not stored in the Cloud App Security database; only the file records’ metadata and any violations that were identified are stored in the Cloud App Security database.
After data is collected from these sources, Cloud App Security runs sophisticated analysis on the data. It immediately alerts you to anomalous activities and gives you deep visibility into your cloud environment. You can configure a Cloud App Security policy and use it to protect everything in your cloud environment.
Cloud Discovery – Cloud Discovery uses your traffic logs to dynamically discover and analyze the cloud apps that your organization is using. To create a snapshot report of your organization’s cloud use, you can manually upload log files from your firewalls or proxies for analysis. To set up continuous reports, use Cloud App Security log collectors to periodically forward your logs.
Sanctioning and unsanctioning an app – You can use Cloud App Security to sanction or unsanction apps in your organization using the Cloud app catalog. The Microsoft team of analysts has an extensive and continuously growing catalog of over 15,000 cloud apps ranked and scored based on industry standards.
You can use the Cloud app catalog to rate your cloud apps’ risk based on regulatory certifications, industry standards, and best practices. Then, customize the scores and weights of various parameters to your organization’s needs. Based on these scores, Cloud App Security lets you know how risky an app is based on over 50 risk factors that might affect your environment.
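A minimal sketch of the Cloud Discovery flow described above (traffic logs, catalog lookup, customizable weighted score, sanction state), added here as an illustration; it is not Microsoft's code, log format, or scoring formula. The log layout, catalog entries, factor names, weights, and the 0-10 scale are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log lines: timestamp, user, method, URL, bytes uploaded.
SAMPLE_LOG = """\
2024-05-01T09:00:01Z alice POST https://files.example-share.test/upload 52428800
2024-05-01T09:00:07Z bob GET https://mail.example-corp.test/inbox 0
2024-05-01T09:02:30Z carol GET https://notes.example-pad.test/doc/1 0
corrupted-record
2024-05-01T09:03:44Z bob POST https://files.example-share.test/upload 2097152
"""
# Hypothetical catalog: host suffix -> (app name, sanctioned?, factor scores 0-10).
CATALOG = {
    "example-share.test": ("ExampleShare", False, {"encryption": 2, "compliance": 1, "audit": 3}),
    "example-corp.test": ("ExampleMail", True, {"encryption": 9, "compliance": 10, "audit": 8}),
}
# Organization-specific weight per factor (the tunable part the text mentions).
WEIGHTS = {"encryption": 3, "compliance": 2, "audit": 1}

def risk_score(factors, weights=WEIGHTS):
    """Weighted average of factor scores; 0 = riskiest, 10 = safest (assumed scale)."""
    total = sum(weights[k] for k in factors)
    return round(sum(factors[k] * weights[k] for k in factors) / total, 1)

def lookup(host):
    """Match a hostname against catalog suffixes; None when the app is unknown."""
    return next((e for s, e in CATALOG.items() if host == s or host.endswith("." + s)), None)

def discover(log_text):
    """Aggregate users and upload volume per app from proxy log text."""
    apps = defaultdict(lambda: {"users": set(), "upload_bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed records instead of failing the whole report
        _, user, _, url, sent = parts
        host = urlsplit(url).hostname or ""
        entry = lookup(host)
        name = entry[0] if entry else f"unknown:{host}"
        apps[name]["users"].add(user)
        apps[name]["upload_bytes"] += int(sent)
        apps[name]["sanctioned"] = bool(entry and entry[1])
        apps[name]["score"] = risk_score(entry[2]) if entry else None
    return dict(apps)

def review_queue(apps, threshold=5.0):
    """Unsanctioned apps that are unknown to the catalog or score below threshold."""
    risky = lambda a: not a["sanctioned"] and (a["score"] is None or a["score"] < threshold)
    return sorted(name for name, a in apps.items() if risky(a))
```

Hosts that match no catalog entry are kept as `unknown:<host>` rather than dropped, so uncatalogued apps still surface in the review queue.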
App connectors – App connectors use APIs from cloud app providers to integrate the Cloud App Security cloud with other cloud apps. App connectors extend control and protection. They also give you access to information directly from cloud apps for Cloud App Security analysis. To connect an app and extend protection, the app administrator authorizes Cloud App Security to access the app. Cloud App Security then queries the app for activity logs and scans data, accounts, and cloud content. Cloud App Security can enforce policies, detect threats, and provide governance actions for resolving issues.
Cloud App Security uses the APIs provided by the cloud provider. Each app has its own framework and API limitations. Cloud App Security works with app providers to optimize APIs and ensure the best performance.
Considering the various limitations that apps impose on APIs (such as throttling, API limits, and dynamic time-shifting API windows), the Cloud App Security engines utilize the allowed capacity. Some operations, such as scanning all files in the tenant, require a large number of API calls, so they are spread over a longer period. Expect some policies to run for several hours or several days.
Policy control – You can use policies to define your users’ behavior in the cloud. Use policies to detect risky behavior, violations, or suspicious data points and activities in your cloud environment. If needed, you can use policies to integrate remediation processes to achieve complete risk mitigation.
Multiple types of policies correlate to the different types of information you might want to gather about your cloud environment and the types of remediation actions you might take.
The following firewall vendors are supported.
McAfee Secure Web Gateway
First, let’s try some trial licenses from http://www.cloudappsecurity.com/.
Choose to Sign up for your free trial.
It recognizes the Office 365 tenant, so let’s add it to an existing tenant.
On the Office 365 Admin Portal, we should see the trial licenses.
And we should also see the new Cloud App Security Admin portal.