How to discover and control all the cloud applications your company uses
Security is critical for any company that is in the cloud. According to a study conducted by Microsoft, companies use an average of 17 cloud applications, some with the knowledge of IT managers but often without their authorization (for example, Facebook, Gmail, Dropbox, etc.), exposing companies to unknown security risks and breaches of privacy policies. Faced with this situation, many IT managers ask: how can we control the cloud applications that the users in our organizations use?
The solution: Cloud App Security
Cloud App Security gives IT departments visibility and control over the cloud applications used by the company, both those allowed by the IT department and those not allowed. It can restrict their use or monitor the actions carried out with them, in order to strengthen the security of the company. All this is done through a set of discovery, investigation, control and protection capabilities.
What does it offer?
- Application detection: Monitor your network traffic in real time and detect the cloud applications in use, get visibility into unauthorized ones and evaluate their risk.
- Visibility of user activity in cloud applications: Through Cloud Discovery you can obtain detailed information on activities, users, traffic and files used in the cloud, as well as personalized reports of cloud activity records by user.
- Greater control and protection of your critical data: Control the use of your company's data through access and data sharing policies and data loss prevention (DLP). For example, your company may have a file policy enabled that alerts you when a user has shared a company document with an external domain.
- Smart Protection: Cloud App Security draws on millions of unique data points received from device signals across the Microsoft customer base to detect anomalous incidents and user behavior patterns that may indicate a security risk for your company.
- Application risk assessment: Cloud App Security draws on millions of signals received from Microsoft customer devices to detect anomalous user incidents and behavior patterns that may indicate a security risk for your company.
- Integration with Azure AD: You can consolidate the various identifiers that Cloud App Security collects from a user when accessing different cloud applications and unify them with the user's name in your company's Active Directory. This makes it easier to control activity in the cloud and lets you create customized reports by groups of users or departments. (This functionality requires a configuration in the company's firewall.)
The panels of Cloud App Security provide an overview of the activities and features of the applications in the cloud that are being used and allow you to measure that use by the number of users, the volume of traffic or the IPs from which it is accessed. To help you investigate the applications in your environment you can consult:
- Main panel: General information about the status in the cloud (users, files and activities), as well as the necessary actions (alerts, activity infractions and content infractions)
- Data: Analysis of the data stored in the application; breakdown by file type and by level of file sharing.
- Files: File detail, with the possibility to filter by owner, level of sharing, etc., as well as to carry out governance actions (such as quarantining).
- Third-party applications: Detail of third-party applications implemented in the company, such as G Suite, and definition of policies for those applications.
- User: Complete general information of the user profile in the cloud, including groups, locations, recent activities, related alerts and used browsers.
From this tab you can perform a detailed analysis of the applications used in the company and act on unwanted ones, whether because they are considered risky or because they violate company policies, by marking them as Unauthorized.
Once an application is marked as unauthorized, you can perform two types of actions on it:
- Do not prevent it from being used, but monitor its use more easily through Cloud Discovery reports.
- Prevent its use by blocking access to the application throughout the company (this function requires a specific configuration in the company's firewall)
Through this view you can connect applications and keep track of the actions performed on them, such as:
- Consult the map of active users and monitoring in real time
- Control the actions that are carried out (data or documents)
- Display user accounts that use the application
- Apply your policies
Cloud App Security uses the APIs provided by cloud application providers to connect and gain control over them.
Policies to control applications
The actions that employees perform with applications can be managed and controlled through directives, applying the necessary policies to mitigate the risks in your company where needed. For example, through directives you can allow users to access certain cloud applications from the company, but prohibit documents from being downloaded.
There are several types of policies that correlate with the different types of information you want to collect about the cloud environment and the types of corrective actions you want to perform:
- Activity directive: Lets you monitor specific activities carried out by different users or track unexpectedly high levels of traffic of a certain type of activity.
- Anomaly detection policy: Lets you search for unusual activities in the cloud and issue alerts when something occurs that differs from the baseline of the organization or from the user's normal activity.
- Application detection policy: Lets you set alerts that notify you when new applications are detected in use on the organization's network.
- Cloud Discovery Anomaly Discovery Policy: This directive examines the company's network traffic and looks for anomalous behavior. For example, when a user who has never used Dropbox suddenly uploads 600 GB, or when there are many more transactions than usual in a given application.
- File directive: Lets you examine cloud applications to detect specific file types or files (shared, shared with external domains) and data (proprietary information, personal information, credit card information, etc.) and apply the policies necessary to comply with the company's regulations.
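The Cloud Discovery anomaly case described above (a user with no history in an application suddenly uploading a large volume, or far more transactions than usual) can be sketched as follows. This is an added example, not Cloud App Security's own logic; the record format, sample values and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean

# Constructed sample records: (day, user, app, uploaded_mb, transactions).
# The format and all values are assumptions for illustration only.
BASELINE = [
    (1, "alice", "OneDrive", 120, 40), (2, "alice", "OneDrive", 90, 35),
    (3, "alice", "OneDrive", 110, 42), (1, "bob", "Dropbox", 300, 20),
    (2, "bob", "Dropbox", 280, 25), (3, "bob", "Dropbox", 310, 22),
]
TODAY = [
    (4, "alice", "OneDrive", 100, 38),     # within alice's normal range
    (4, "alice", "Dropbox", 600_000, 15),  # never used Dropbox, uploads 600 GB
    (4, "bob", "Dropbox", 290, 400),       # many more transactions than usual
]

FIRST_USE_MB = 1_000  # hypothetical threshold for a never-seen user/app pair
SPIKE_FACTOR = 5      # hypothetical multiple of the pair's own daily average


def build_baseline(records):
    """Average daily upload (MB) and transaction count per (user, app)."""
    hist = defaultdict(lambda: {"mb": [], "tx": []})
    for _day, user, app, mb, tx in records:
        hist[(user, app)]["mb"].append(mb)
        hist[(user, app)]["tx"].append(tx)
    return {k: (mean(v["mb"]), mean(v["tx"])) for k, v in hist.items()}


def detect(records, baseline):
    """Return (user, app, reason) alerts for records that deviate from baseline."""
    alerts = []
    for _day, user, app, mb, tx in records:
        known = baseline.get((user, app))
        if known is None:
            # No history for this user in this app: alert only on large uploads.
            if mb >= FIRST_USE_MB:
                alerts.append((user, app, "first use with large upload"))
            continue
        avg_mb, avg_tx = known
        if mb > SPIKE_FACTOR * avg_mb:
            alerts.append((user, app, "upload volume spike"))
        if tx > SPIKE_FACTOR * avg_tx:
            alerts.append((user, app, "transaction spike"))
    return alerts


if __name__ == "__main__":
    for alert in detect(TODAY, build_baseline(BASELINE)):
        print(alert)
```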
This view provides full visibility into any suspicious activity or violation of the policies established by the company, helping administrators determine the nature of the incident and the response needed for each alert. In addition, Cloud App Security alerts help you adapt policies or create new ones based on incidents. For example, if you receive an alert that a company user has logged in from Greenland and no user in your organization has ever logged in from that location, you can create a policy that automatically suspends any account that attempts to sign in from that location.
View of the alert panel showing suspicious activity and anomalous logins
Control in Azure
Last May Microsoft announced the compatibility of Cloud App Security with Azure. Now you can seamlessly monitor all Azure subscriptions and protect your environment through:
- Visibility of all the activities carried out through the portal.
- The ability to create custom directives that alert on unwanted behaviors, and to protect yourself automatically against risky users by suspending them or requiring them to log in again.
- Coverage of all Azure activities by the anomaly detection engine, which automatically generates an alert on any suspicious behavior in the Azure Portal, such as anomalous logins, suspicious mass activities and activity from a new country.
Microsoft Cloud App Security and the GDPR
Thanks to the integration with Azure Information Protection (AIP), Cloud App Security can help your company comply with the GDPR by applying AIP classification labels to files in the cloud to protect and identify them. With the integration you can:
- Apply classification labels as a governance action to files that match the directives.
- See all classified files in a central location.
- Conduct investigations based on the level of classification and quantify the exposure of confidential information in cloud applications.
- Create policies to ensure that classified files are handled correctly.
Licensing options for Cloud App Security
- Cloud App Discovery (Basic Functionality): Provides information about which cloud applications not managed by you are being used in your company, in order to control shadow IT. This product is integrated in Azure Active Directory Premium and Enterprise Mobility + Security E3.
- Office 365 Cloud App Security (Intermediate Functionality): Includes threat detection based on user activity records, detecting more than 750 Office 365 applications or applications with similar functionalities. This version is integrated into Office 365 Enterprise E5 or as a stand-alone product for other Enterprise plans.
- Microsoft Cloud App Security (Complete Functionality): The most complete solution, providing detailed visibility and threat protection for both Office 365 and SaaS applications, with a complete catalog of more than 16,000 cloud applications. It also allows labeling and classification thanks to the integration with Azure Information Protection. This version is integrated into Enterprise Mobility + Security E5 or available as a standalone product.
Do you want to see Cloud App Security in action?
Watch this video to learn in detail how Cloud App Security helps you.
With Cloud App Security you can benefit from the advantages of the cloud with confidence, while remaining safe, protected and complying with regulations.
Do you want to know more about Microsoft Cloud App Security? Contact us!