Cloud App Security

Posted 2 August 2016 12:00 AM by Faizan Shaikh, User Engagement Analyst @ ClearPeople

Ascending to the Cloud

If you’ve moved a business system over to the cloud, or you’re thinking of doing so, data security is something that has likely been a major concern. Your IT department may already be paranoid about data access to certain secure areas of information, so if your system servers aren’t even on-site there are going to be further trust issues. Would you be well enough equipped to detect and counter malicious interactions with your cloud apps (and by extension your data) if you were under attack?

This is made even worse when users, or entire departments, begin utilising unapproved SaaS applications for their work and security admins are left unaware of the potential security risk that has just been created (does finding out your colleagues hosted a super confidential proposal for a top-secret contract on dropbox.com sound familiar?).

If I were to summarise the pensive parleys around your company’s water coolers, one of the most important conversations being had is around who has access to your organisation’s data and how that access can be balanced with visibility, security and protection.

From past customer surveys, Microsoft found that 80% of employees admitted to using unapproved cloud-based apps at work, so these questions and concerns are definitely not unfounded. If you want to reap the many benefits of a cloud-lift with minimal risk and internal discomfort, your business stakeholders will need the utmost assurance and confidence that their data and security protocols are still as tight as ever. Not many current IT security services can provide this level of detail to their customers.

And that’s where Microsoft promises you Visibility, Control and Protection with its newly available web service, ‘Cloud App Security’. The power to police the IT landscape in your organisation is put back into your hands.

1. What is Microsoft Cloud App Security?

Cloud App Security is a SaaS (Software as a Service) solution for the security complexities faced by the modern-day workplace. It is a pro-active alert and monitoring system that is able to detect and control web app connections in your network, ultimately providing you with the capabilities needed to react to behavioural anomalies and breaches of security policies related to sensitive data and documents.



Since Cloud App Security is a cloud application itself, the portal is accessible through any browser and has an easy-to-use experience that will be immediately familiar to system administrators. The dashboard (as seen above) gives administrators a high-level view of the key metrics that matter at a glance.

1.2 What Does Microsoft Cloud App Security Do?

1.2.1 Visibility

Firstly, and perhaps most importantly, Microsoft Cloud App Security is able to identify over 13,000 popular cloud apps that could currently be accessed over your network, across all devices. This means no more rogue applications will be used without you knowing about it. Furthermore, Cloud App Security carries out a risk assessment based on a variety of metrics to help you decide what needs to be sanctioned and what applications can be allowed access. 



The ‘Discovered Apps’ tab displays all the apps currently on the network, including third party apps not in the Microsoft ecosystem. Key usage metadata like traffic, upload and transactions are useful metrics to gauge any unusual spikes in activity.



Clicking into a list of Discovered Apps will show an evaluation score based on over 60 parameters. Users will also be able to click into a specific scoring to see the breakdown of how the App was scored.



A variety of other usage metrics can be explored inside the app, including but not limited to users, top uploaders and top downloaders. These aid in identifying and exploring usage of web apps across your business over specific time ranges, adding another dimension of discovery to your security analytics.


1.2.2 Control

Discovering potential threats, unauthorised applications, or anomalous behaviour with your files and users on your web apps is only the first step in making sure enterprise users and data are protected. The power and control to immediately suspend a violating app is necessary to prevent a crisis from escalating if any malicious behaviour or activity is afoot. Cloud App Security puts that control right into the hands of security and IT administrators, with the ability to act accordingly with a few clicks.

Default policies, and custom-built ones which you can set up yourself, can also help you define what ‘offending’ behaviour is.



Say your finance department has private customer information held on any number of popular cloud apps. Needless to say, this kind of documentation needs to be handled carefully and kept extremely secure. Compliance with data protection legislation means that you need to be made aware whenever a document is shared in a way that breaks or compromises the confidentiality of the information contained within. With Cloud App Security we would be able to see all files violating the policies you have set up.

When investigating an offending file, you’d be able to see all the key metadata attached to it. It may simply be that you make the user responsible for the document aware that they have shared it more openly than they thought they did…



…Or you’d have a number of actions at your fingertips that allow you to isolate the file immediately (for instance ‘quarantine’ or ‘make private’) while you spend more time investigating and remediating the issue internally.



1.2.3 Protection

Constant vigilance and browsing over a dashboard on a daily basis, while commendable, isn’t the most productive use of time. Cloud App Security pro-actively alerts administrators to anomalies through the use of its powerful threat detection engine.

Some of the alerts that can be set up in the alert centre include:

  • Activity
    • Mass download of documents by a user
    • Multiple failed log on attempts by a user
  • Anomaly detection
    • If a user logs on to a web app twice within a short amount of time from locations a long distance apart
  • App Discovery
    • A new app is discovered on your network with a daily upload rate that exceeds a predefined number of MB
  • Cloud Discovery
    • Suspect behaviour from:
      • Users
      • IP Addresses
      • Servers
      • Large upload compared to other users
  • File Policy
    • If a file is shared with an unauthorised domain name
While we’ve only been able to show a handful of features that should put Cloud App Security at the forefront of your security suite, there’s still a lot we can talk to you about protecting your cloud enabled organisation. Get in touch with us today to learn more.

