How to control the activity between users and the applications that your company uses through Microsoft Cloud App Security
Security is a critical concern for any company that works in the cloud. According to a study conducted by Microsoft, companies use an average of 17 cloud applications, sometimes with the knowledge of IT managers but often without their authorization (for example, Facebook, Gmail, Dropbox, etc.), exposing companies to unknown security risks and breaches of privacy policies. In view of this situation, many IT managers ask themselves: How can we detect which cloud applications our users use as part of their activity? And then: How can we control what these users do in these applications, bearing in mind that the data involved is often confidential?
The solution: Microsoft Cloud App Security
What happens if an employee, correctly identified and authenticated, does something wrong with your data? What's more, what would happen if that employee is no longer loyal or acts under duress? Or what happens if your computer is not properly protected and malware is reading data in your name? This is where Cloud App Security would intervene.
What exactly does it offer you?
- Application detection: Monitor your network traffic in real time to detect the cloud applications in use, gain visibility into unauthorized ones and evaluate their risk.
- Visibility of user activity in cloud applications: Through Cloud Discovery you can obtain detailed information on activities, users, traffic and files used in the cloud, as well as customized reports of cloud activity logs per user.
- Greater control and protection of your critical data: Control the use of your company's data through access and data-sharing policies and data loss prevention (DLP). For example, your company may have a file policy enabled that alerts you when a user has shared a company document with an external domain.
- Intelligent protection: Cloud App Security draws on millions of unique data points received from device signals across the Microsoft customer base to detect anomalous incidents and user behavior patterns that may indicate a security risk for your company.
- Application risk assessment: Cloud App Security draws on millions of signals received from Microsoft customer devices to detect anomalous incidents and user behavior patterns that may indicate a security risk for your company.
- Integration with Azure AD: You can consolidate the different identifiers that Cloud App Security collects for a user across different cloud applications and unify them under the user's name in your company's Active Directory. This makes it easier to control cloud activity and lets you create customized reports by user group or department. (This functionality requires configuration in the company's firewall.)
The Cloud App Security dashboards provide an overview of the activities and characteristics of the cloud applications in use, and let you measure that use by number of users, volume of traffic or the IPs from which the applications are accessed. To help you investigate the applications in your environment you can consult:
- Main panel: General information about the status in the cloud (users, files and activities), as well as the actions required (alerts, activity violations and content violations).
- Data: Analysis of the data stored in the application; breakdown by file type and by level of file sharing.
- Files: File details, with filtering by owner, sharing level, etc., as well as governance actions (such as quarantining).
- Third-party applications: Details of the third-party applications deployed in the company, such as G Suite, and definition of policies for those applications.
- User: A complete overview of the user's profile in the cloud, including groups, locations, recent activities, related alerts and browsers used.
From this tab you can perform a detailed analysis of the applications used in the company and act on unwanted ones, either because they are considered risky or because they violate company policies, by marking them as Unauthorized.
Once an application is marked as unauthorized you can take one of two types of action on it:
- Do not prevent it from being used, but monitor its use more easily through Cloud Discovery reports.
- Prevent its use by blocking access to the application throughout the company (this function requires specific configuration in the company's firewall).
Through this view you can connect applications and keep track of the actions performed on them, such as:
- Consult the map of active users and monitor in real time
- Control the actions that are carried out (on data or documents)
- Display the user accounts that use the application
- Apply your policies
Cloud App Security uses the APIs provided by cloud application providers to connect and gain control over them.
Policies to control applications
The actions employees perform in applications can be managed and controlled through policies and, where necessary, you can apply the policies needed to mitigate the risks to your company. For example, through policies you can allow users to access certain cloud applications from the company, but prohibit the downloading of documents.
There are several types of policies that correlate with the different types of information you want to collect about the cloud environment and the types of corrective actions you want to perform:
- Activity policy: Lets you monitor specific activities carried out by different users or track unexpectedly high levels of a certain type of activity.
- Anomaly detection policy: Lets you look for unusual activities in the cloud and issue alerts when something deviates from the baseline of the organization or from the user's normal activity.
- Application detection policy: Lets you set alerts that notify you when new applications are detected in use on the organization's network.
- Cloud Discovery anomaly detection policy: This policy examines the company's network traffic and looks for anomalous behavior. For example, when a user who has never used Dropbox suddenly uploads 600 GB, or when there are many more transactions than usual in a given application.
- File policy: Lets you scan cloud applications to detect specific files or file types (shared, shared with external domains) and data (proprietary information, personal information, credit card information, etc.) and apply the policies needed to comply with the company's regulations.
This view provides full visibility into any suspicious activity or violation of the policies established by the company, helping administrators determine the nature of the incident and the response needed for each alert. In addition, Cloud App Security alerts help you adapt policies or create new ones based on incidents. For example, if you receive an alert that a business user has logged in from Greenland and no user in your organization has ever logged in from that location, you can create a policy that automatically suspends any account that attempts to sign in from that location.
View of the alert panel that shows suspicious activity and failed logins
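The two anomaly examples described above (a first-time Dropbox user uploading 600 GB, and a sign-in from a country no one in the organization has used) can be expressed as simple baseline checks. This is an added illustration, not Microsoft's detection engine or any Cloud App Security API; the record layout, thresholds and function names are assumptions, and all sample data is constructed.

```python
from collections import defaultdict
from statistics import mean

GB = 10**9

# Constructed sample data (not real logs): (user, app, day, bytes_uploaded)
HISTORY = [
    ("ana", "OneDrive", 1, 2 * GB), ("ana", "OneDrive", 2, 3 * GB),
    ("luis", "Dropbox", 1, 1 * GB), ("luis", "Dropbox", 2, 1 * GB),
]
TODAY = [
    ("ana", "OneDrive", 3, 4 * GB),    # within ana's usual range
    ("ana", "Dropbox", 3, 600 * GB),   # first use of the app, very large upload
    ("luis", "Dropbox", 3, 40 * GB),   # 40x luis's daily mean for this app
]
# Constructed sign-in records: (user, country_code)
KNOWN_SIGNINS = [("ana", "ES"), ("luis", "ES"), ("luis", "PT")]
NEW_SIGNINS = [("ana", "ES"), ("luis", "GL")]


def upload_anomalies(history, today, first_use_limit=10 * GB, ratio=10):
    """Flag uploads far above the user's own per-app baseline.

    first_use_limit and ratio are assumed tuning values, not product defaults.
    """
    baseline = defaultdict(list)
    for user, app, _day, sent in history:
        baseline[(user, app)].append(sent)
    alerts = []
    for user, app, _day, sent in today:
        past = baseline.get((user, app))
        if past is None:
            # No history for this user/app pair: only alert on large volumes.
            if sent > first_use_limit:
                alerts.append((user, app, "first use with large upload"))
        elif sent > ratio * mean(past):
            alerts.append((user, app, "upload above baseline"))
    return alerts


def new_country_signins(known, events):
    """Flag sign-ins from a country nobody in the organization has used before."""
    seen = {country for _user, country in known}
    return [(user, country) for user, country in events if country not in seen]


if __name__ == "__main__":
    print(upload_anomalies(HISTORY, TODAY))
    print(new_country_signins(KNOWN_SIGNINS, NEW_SIGNINS))
```
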
Control in Azure
Last May Microsoft announced the compatibility of Cloud App Security with Azure. Now you can seamlessly monitor all Azure subscriptions and protect your environment through:
- Visibility of all the activities carried out through the portal.
- Custom policies that alert on unwanted behavior, plus automatic protection against risky users by suspending them or requiring them to sign in again.
- All Azure activities are covered by the anomaly detection engine, which automatically generates an alert for any suspicious behavior in the Azure portal, such as anomalous logins, suspicious mass activities and activity from a new country.
Microsoft Cloud App Security and the GDPR
Thanks to the integration with Azure Information Protection (AIP), Cloud App Security can help your company comply with the GDPR by applying AIP classification labels to files in the cloud to protect and identify them. With the integration you can:
- Apply classification labels as a governance action to files that match the policies.
- See all classified files in a central location.
- Carry out investigations based on classification level and quantify the exposure of confidential information in cloud applications.
- Create policies to ensure that classified files are handled correctly.
- Create policies to ensure that classified files are handled correctly.
Licensing options for Cloud App Security
- Cloud App Discovery (Basic Functionality): Provides information about which cloud applications not managed by you are being used in your company, with the aim of controlling shadow IT. This product is included in Azure Active Directory Premium and Enterprise Mobility + Security E3.
- Office 365 Cloud App Security (Intermediate Functionality): Includes threat detection based on user activity logs, detecting more than 750 Office 365 applications or applications with similar functionality. This version is included in Office 365 Enterprise E5.
- Microsoft Cloud App Security (Complete Functionality): The most complete solution, providing detailed visibility and threat protection for both Office 365 and SaaS applications, with a catalog of more than 16,000 cloud applications. It also allows labeling and classification thanks to the integration with Azure Information Protection. This version is included in Enterprise Mobility + Security E5 or available as a standalone product.
With Cloud App Security you can benefit from the advantages of the cloud with confidence, while remaining safe, protected and complying with regulations.