Security is critical for any business that is in the cloud. According to a study carried out by Microsoft, companies use an average of 17 cloud applications, sometimes with the knowledge of the IT managers but often without their authorization (for example, Facebook, Gmail, Dropbox, etc.), exposing companies to unknown security risks and privacy policy breaches. Faced with this situation, many IT managers ask themselves: How can we detect which cloud applications our users use as part of their activity? And then: How can we control the activity carried out by these users in these applications, taking into account that it often involves confidential data?
The solution: Microsoft Cloud App Security
What happens if an employee, correctly identified and authenticated, does something wrong with your data? What's more, what if that employee is no longer loyal or acts under duress? Or what if your computer was not properly protected and malware was reading data on your behalf? This is where Microsoft Cloud App Security (MCAS) would step in.
Specifically, Cloud App Security provides IT departments with visibility and control over the cloud applications that your organization's users use (allowed and disallowed). In this way, on the one hand, you can restrict access to those that you do not authorize and, on the other, you can observe the activity carried out by users with the data of the allowed applications, identifying suspicious activities and potential threats before they become reality. For example, Microsoft Cloud App Security may indicate that a certain user is downloading a large amount of information outside the company (and, if the situation is sufficiently anomalous, it may close the session), or you can block access to certain applications from outside your organization or from unknown computers.
MCAS, apart from Office 365 and Azure, provides activity visibility for popular cloud applications like Dropbox, G Suite, AWS, Salesforce, and many more.
What exactly does it offer you?
- Application detection: Monitor your network traffic in real time and detect the cloud applications in use, gain visibility into unauthorized ones and assess risk.
- Visibility of user activity in cloud applications: Through Cloud Discovery you can obtain detailed information on the activities, users, traffic and files used in the cloud, as well as personalized reports of cloud activity logs by user.
- Greater control and protection of your critical data: Control the use of your company's data through data access and sharing policies and data loss prevention (DLP). For example, your company may have a file policy enabled that alerts you when a user has shared a company document with an external domain.
- Smart protection: Cloud App Security relies on millions of unique data points received as device signals from Microsoft's customer base to detect incidents and anomalous user behavior patterns that may be indicative of a security risk for your company.
- Application risk assessment: Cloud App Security relies on information from millions of signals received from Microsoft customer devices to detect incidents and anomalous user behavior patterns that may be indicative of a security risk for your company.
- Integration with Azure AD: You can consolidate the various identifiers that Cloud App Security collects from a user when accessing different applications in the cloud and unify them with the user's name in your company's Active Directory. In this way, you can more easily control activity in the cloud and can also create customized reports by user groups or departments (this functionality requires a configuration in the company's firewall).
With native integration with identity and security solutions such as Azure Active Directory, Intune and Azure Information Protection, you will gain visibility into all your applications and services in the cloud by leveraging sophisticated analytics to identify and combat cyber threats and control how data is consumed, no matter where it resides.
Investigation panels
The Cloud App Security panels provide an overview of the activities and characteristics of the cloud applications that are being used and allow you to measure that use by the number of users, the volume of traffic or the IP addresses from which they are accessed. To help you investigate the applications in your environment you can consult:
- Main panel: Overview of cloud status (users, files, and activities), as well as required actions (alerts, activity violations, and content violations).
- Data: Analysis of the data stored in the application; breakdown by file type and file sharing level.
- Files: File details, with the possibility of filtering by owner, level of sharing, etc., as well as carrying out governance actions (such as quarantine).
- Third-party applications: Details of third-party applications implemented in the company, such as G Suite, and definition of policies for those applications.
- User: Complete overview of the user profile in the cloud, including groups, locations, recent activities, related alerts, and browsers used.
Detected applications
From this tab you can carry out a detailed analysis of the applications that are used in the company and take action on the unwanted ones, either because they are considered risky or because they violate company policies, by marking them as Unauthorized.
Once an application is marked as unauthorized, you can perform two types of actions on it:
- Do not prevent its use, but more easily monitor its use through Cloud Discovery reports.
- Prevent its use by blocking access to the application throughout the company (this feature requires specific configuration in the company firewall)
Connected apps
Through this view you can connect applications and keep track of the actions performed on them, such as:
- Consult the map of active users and real-time monitoring
- Control the actions that are carried out (data or documents)
- View the user accounts that use the application
- Apply your policies.
Cloud App Security uses the APIs provided by the providers of the cloud applications to connect them and gain control over them.
Policies to control applications
The actions that employees take with the applications can be managed and controlled through policies, which you can apply where necessary to mitigate the risks in your company. For example, through policies you can allow users to access certain applications in the cloud from the company, but prohibit the download of documents.
There are several types of policies that map to the different types of information you want to collect about your cloud environment and the types of corrective actions you want to take:
- Activity policy: Allows you to monitor specific activities carried out by different users or to follow unexpectedly high levels of traffic for a certain type of activity.
- Anomaly detection policy: Allows you to search for unusual activity in the cloud and issue alerts when something deviates from the organization's baseline or from normal user activity.
- Application detection policy: Allows you to set alerts that notify you when new applications are detected in use on the organization's network.
- Cloud Discovery anomaly detection policy: Examines the company's network traffic and looks for anomalous behavior. For example, when a user who has never used Dropbox suddenly uploads 600 GB, or when there are many more transactions than usual in a given application.
- File policy: Allows you to scan cloud applications to detect specific files or file types (shared, shared with external domains) and data (proprietary information, personal information, credit card information, etc.) and to apply the policies necessary to comply with company regulations.
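The two Cloud Discovery anomaly cases mentioned above (a large upload by a first-time user of an application, and a transaction spike in one application) can be expressed as simple baseline checks. The following is an added illustration, not Microsoft's detection logic or code from this page; the log format, the sample records and both thresholds are assumptions made for the example.

```python
import csv
import io
import statistics
from collections import defaultdict

# Constructed sample records (not real Cloud Discovery output):
# day, user, app, transactions, upload_bytes
SAMPLE = """\
2024-05-01,alice,Dropbox,40,200000000
2024-05-02,alice,Dropbox,38,180000000
2024-05-03,alice,Dropbox,45,220000000
2024-05-01,bob,Salesforce,120,5000000
2024-05-02,bob,Salesforce,110,4000000
2024-05-03,bob,Salesforce,130,6000000
2024-05-04,alice,Dropbox,41,210000000
2024-05-04,bob,Salesforce,900,5500000
2024-05-04,carol,Dropbox,12,600000000000
"""

FIRST_USE_UPLOAD_LIMIT = 10 * 10**9  # assumed threshold: 10 GB on first use
TXN_SPIKE_FACTOR = 3                 # assumed: 3x the app's median daily count

def detect(log_text, today):
    """Return alerts for `today` judged against all earlier days."""
    rows = [(d, u, a, int(t), int(b))
            for d, u, a, t, b in csv.reader(io.StringIO(log_text))]
    seen = set()                                       # (user, app) before today
    daily_txn = defaultdict(lambda: defaultdict(int))  # app -> day -> count
    for d, u, a, t, b in rows:
        daily_txn[a][d] += t
        if d < today:                # ISO dates compare correctly as strings
            seen.add((u, a))
    alerts = []
    # Rule 1: user has no history with the app and uploads a large volume.
    for d, u, a, t, b in rows:
        if d == today and (u, a) not in seen and b >= FIRST_USE_UPLOAD_LIMIT:
            alerts.append(("first_use_large_upload", u, a))
    # Rule 2: today's transactions for an app far exceed its usual daily level.
    for app, days in daily_txn.items():
        history = [n for d, n in days.items() if d < today]
        if history and days.get(today, 0) > TXN_SPIKE_FACTOR * statistics.median(history):
            alerts.append(("transaction_spike", None, app))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE, "2024-05-04"):
        print(alert)
```

Carol's 600 GB upload does not trip the transaction rule because Dropbox's total count for the day stays near its median, which is why volume and transaction count are checked separately.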
Alerts
This view provides complete visibility into any suspicious activity or violation of company policies, helping administrators determine the nature of the incident and the response required for each alert. Additionally, Cloud App Security alerts help you adapt policies or create new ones based on incidents. For example, if you receive an alert that a company user has logged in from Greenland and no user in your organization has ever logged in from that location, you can create a policy that automatically suspends any account when access is attempted from that location.
Control in Azure
You can seamlessly monitor all Azure subscriptions and protect your environment through:
- Visibility of all the activities carried out through the portal.
- The ability to create custom policies to alert you to unwanted behavior, as well as the ability to automatically protect yourself from risky users by suspending them or requiring them to log in again.
- All Azure activities are covered by the Anomaly Detection Engine, which will automatically alert you to any suspicious behavior in the Azure portal, such as abnormal logins, massive suspicious activity, and activity from a new country.
In recent months Microsoft Cloud App Security has received interesting improvements, among which stands out, for example, the possibility of visualizing which applications and services run on Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) subscriptions, regardless of whether they are running on Azure, AWS, or Google Cloud.
Microsoft Cloud App Security and the GDPR
Thanks to integration with Azure Information Protection (AIP), Cloud App Security can help your company with GDPR compliance by allowing you to apply AIP classification labels to files in the cloud to protect and identify them. With this integration you can:
- Apply classification labels as a governance action to files that match policies.
- View all classified files in one central location.
- Conduct research based on classification level and quantify the exposure of sensitive information in cloud applications.
- Create policies to ensure classified files are handled correctly.
Cloud App Security Licensing Options
- Cloud App Discovery (Basic functionality): Provides information about which cloud applications not managed by you are being used in your company, with the aim of controlling shadow IT. This product is integrated into Azure Active Directory Premium and Enterprise Mobility + Security E3.
- Office 365 Cloud App Security (Intermediate functionality): Includes threat detection based on user activity logs, detecting more than 750 Office 365 applications or applications with similar functionalities. This version is built into Office 365 Enterprise E5.
- Microsoft Cloud App Security (Full functionality): The most complete solution that provides detailed visibility and threat protection for both Office 365 and SaaS applications, with a complete catalog of more than 16,000 applications in the cloud. It also enables labeling and classification thanks to integration with Azure Information Protection. This version comes bundled with Enterprise Mobility + Security E5, Microsoft 365 E5, or as a standalone product.
With Cloud App Security you can benefit from the advantages of the cloud with confidence, while remaining safe, protected and complying with regulations.