How to control activity between users and applications used by your company through Microsoft Cloud App Security
Security is a critical aspect for any company that is in the cloud. According to a study conducted by Microsoft, companies use an average of 17 applications in the cloud, sometimes with the knowledge of IT managers but often without their authorization (for example, Facebook, Gmail, Dropbox, etc.), exposing companies to unknown security risks and breaches of privacy policies. Faced with this situation, many IT managers ask: how can we detect which cloud applications our users use as part of their activity? And then, how can we control the activity that these users perform in these applications, given that it often involves confidential data?
The solution: Microsoft Cloud App Security
What happens if an employee, correctly identified and authenticated, does something wrong with your data? What if that employee is no longer loyal or acts under duress? Or what if their computer was not properly protected and malware was reading data in their name? This is where Microsoft Cloud App Security (MCAS) would intervene.
What exactly does it offer you?
- Application detection: Monitor your network traffic in real time and detect the cloud applications in use, gain visibility of unauthorized ones and assess risk.
- Visibility of user activity in cloud applications: Through Cloud Discovery you can obtain detailed information on the activities, users, traffic and files used in the cloud, as well as personalized reports of cloud activity logs per user.
- Greater control and protection of your critical data: Control the use of your company's data through policies for access, data sharing and data loss prevention (DLP). For example, your company may have a file policy enabled that alerts you when a user has shared a company document with an external domain.
- Intelligent protection: Cloud App Security draws on millions of unique signals received from devices across the Microsoft customer base to detect incidents and abnormal user behavior patterns that may be indicative of a security risk for your company.
- Application risk assessment: Cloud App Security has the information of millions of signals received from Microsoft client devices to detect incidents and abnormal user behavior patterns that may be indicative of a security risk for your company.
- Integration with Azure AD: You can consolidate the various identifiers that Cloud App Security collects from a user accessing different applications in the cloud and unify them with the user's name in your company's Active Directory. In this way you can more easily control activity in the cloud and also create customized reports by groups of users or departments (this functionality requires a configuration in the company's firewall).
The Cloud App Security panels provide an overview of the activities and features of the cloud applications being used and allow you to measure that use by the number of users, the volume of traffic or the IP addresses from which they are accessed. To help you investigate the applications in your environment you can consult:
- Main panel: General information on the status of the cloud (users, files and activities), as well as the necessary actions (alerts, activity violations and content violations)
- Data: Analysis of the data stored in the application; Breakdown by file type and by file sharing level.
- Files: Detail of files, with the possibility of filtering by owner, level of sharing, etc., as well as carrying out governance actions (such as quarantining).
- Third-party applications: Details of third-party applications implemented in the company, such as G Suite, and definition of policies for those applications.
- User: Complete general information of the user profile in the cloud, including groups, locations, recent activities, related alerts and used browsers.
From this tab you can perform a detailed analysis of the applications used in the company and act on the unwanted ones, either because they are considered risky or because they violate the company's policies, by marking them as Unauthorized.
Once an application is marked as unauthorized, you can take one of two types of action on it:
- Do not prevent it from being used, but more easily monitor its use through Cloud Discovery reports.
- Prevent its use by blocking access to the application throughout the company (this function requires a specific configuration in the company's firewall)
Through this view you can connect applications and keep track of the actions performed on them, such as:
- Consult the map of active users and real-time monitoring
- Control the actions performed (data or documents)
- View user accounts that use the application
- Apply your policies.
Cloud App Security uses the APIs provided by the providers of the cloud applications to connect them and gain control over them.
Policies to control applications
The actions taken by employees with applications can be managed and controlled through policies and, if necessary, you can apply the policies needed to mitigate the risks in your company. For example, through policies you can allow users to access certain cloud applications from the company, but forbid documents from being downloaded.
There are several types of policies, which correspond to the different types of information you want to collect about the cloud environment and the types of corrective actions you want to perform:
- Activity policy: Monitors specific activities carried out by different users, or tracks unexpectedly high levels of a certain type of activity.
- Anomaly detection policy: Searches for unusual activities in the cloud and issues alerts when something deviates from the baseline of the organization or from normal user activity.
- Application detection policy: Sets alerts that notify you when new applications are detected in use on the organization's network.
- Cloud Discovery anomaly detection policy: Examines the company's network traffic and looks for anomalous behaviors. For example, when a user who has never used Dropbox suddenly uploads 600 GB, or when there are many more transactions than usual in a given application.
- File policy: Examines applications in the cloud to detect specific files or file types (shared, shared with external domains) and data (proprietary information, personal information, credit card information, etc.) and applies the policies necessary to comply with company regulations.
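The two Cloud Discovery anomaly cases mentioned in the list above (a first-time user of an application uploading a very large volume, and a jump in transactions against a user's own baseline) can be sketched as follows. This is an added example, not Cloud App Security's own detection logic; the record layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

GB = 10**9

# Constructed sample records: (day, user, app, uploaded_bytes, transactions)
SAMPLE_TRAFFIC = [
    (1, "alice", "Dropbox", 2 * GB, 40),
    (2, "alice", "Dropbox", 3 * GB, 55),
    (3, "alice", "Dropbox", 2 * GB, 48),
    (1, "bob", "Salesforce", 1 * GB, 30),
    (2, "bob", "Salesforce", 1 * GB, 35),
    (3, "bob", "Salesforce", 1 * GB, 32),
    (4, "alice", "Dropbox", 3 * GB, 50),    # in line with alice's baseline
    (4, "bob", "Dropbox", 600 * GB, 20),    # never used Dropbox before
    (4, "bob", "Salesforce", 1 * GB, 400),  # far more transactions than usual
]


def find_anomalies(records, today, first_use_bytes=50 * GB, spike_factor=5):
    """Return sorted (user, app, reason) tuples for records dated `today`.

    Both thresholds are illustrative assumptions, not product defaults.
    """
    # Per (user, app) history of transaction counts before `today`.
    history = defaultdict(list)
    for day, user, app, _uploaded, tx in records:
        if day < today:
            history[(user, app)].append(tx)

    findings = []
    for day, user, app, uploaded, tx in records:
        if day != today:
            continue
        past = history.get((user, app))
        if not past:
            # No baseline: the user has never used this app before.
            if uploaded >= first_use_bytes:
                findings.append((user, app, "first_use_large_upload"))
            continue
        baseline = sum(past) / len(past)
        if tx > spike_factor * baseline:
            findings.append((user, app, "transaction_spike"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_TRAFFIC, today=4):
        print(finding)
```
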
This view provides full visibility of any suspicious activity or violation of the policies established by the company, helping administrators determine the nature of the incident and the response needed for each alert. Cloud App Security alerts also help you adapt policies or create new ones based on incidents. For example, if you receive an alert that a company user has logged in from Greenland and no user in your organization has ever logged in from that location, you can create a policy that automatically suspends any account that tries to access from that location.
Alert panel view showing suspicious activity and failed logins
You can seamlessly monitor all Azure subscriptions and protect your environment through:
- Visibility of all activities carried out through the portal.
- Possibility of creating custom policies to alert about unwanted behaviors, as well as the possibility of automatically protecting against risky users by suspending them or requiring them to log in again.
- All Azure activities are covered by the anomaly detection engine, which will automatically generate an alert for any suspicious behavior on the Azure Portal, such as anomalous logins, mass suspicious activities and activity from a new country.
In recent months Microsoft Cloud App Security has received interesting improvements, including the ability to see which applications and services are running on Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) subscriptions, regardless of whether they are running on Azure, AWS or Google Cloud.
Microsoft Cloud App Security and the GDPR
Thanks to the integration with Azure Information Protection (AIP), Cloud App Security can help your company comply with GDPR by allowing you to apply AIP classification tags to files in the cloud to protect and identify them. With the integration you can:
- Apply classification tags as a governance action to files that match the policies.
- View all classified files in a central location.
- Conduct investigations based on the level of classification and quantify the exposure of confidential information in cloud applications.
- Create policies to ensure that classified files are controlled correctly.
Cloud App Security licensing options
- Cloud App Discovery (Basic functionality): Provides information about which cloud applications not managed by you are being used in your company, with the aim of controlling shadow IT. This product is integrated into Azure Active Directory Premium and Enterprise Mobility + Security E3.
- Office 365 Cloud App Security (Intermediate functionality): Includes threat detection based on user activity logs, detecting more than 750 Office 365 applications or applications with similar functionalities. This version is integrated into Office 365 Enterprise E5.
- Microsoft Cloud App Security (Full functionality): The most complete solution that provides detailed visibility and threat protection of both Office 365 and SaaS applications, with a complete catalog of more than 16,000 applications in the cloud. It also allows labeling and classification thanks to the integration with Azure Information Protection. This version is integrated into Enterprise Mobility + Security E5, Microsoft 365 E5 or as a standalone product.
With Cloud App Security you can benefit from the advantages of the cloud with confidence, while still being safe, protected and complying with regulations.