This is made even worse when users, or entire departments, begin utilising unapproved SaaS applications for their work and security admins are left unaware of the potential security risk that has just been created (does finding out your colleagues hosted a super confidential proposal for a top-secret contract on dropbox.com sound familiar?).
If I were to summarise the pensive parleys around your company’s water coolers, one of the most important conversations being had is about who has access to your organisation’s data and how that access can be balanced with visibility, security and protection.
From past customer surveys, Microsoft found that 80% of employees admitted to using unapproved cloud-based apps at work, so these questions and concerns are definitely not unfounded. If you want to reap the many benefits of a cloud-lift with minimal risk and internal discomfort, your business stakeholders will need the utmost assurance and confidence that their data and security protocols are still as tight as ever. Not many current IT security services can provide this level of detail to their customers.
And that’s where Microsoft promises you Visibility, Control and Protection with its newly available web service, ‘Cloud App Security’. The power to police the IT landscape in your organisation is put back into your hands.
What is Microsoft Cloud App Security?
Cloud App Security is a SaaS (Software as a Service) solution for the security complexities faced by the modern-day workplace. It is a pro-active alert and monitoring system that is able to detect and control web app connections in your network, ultimately providing you with the capabilities needed to react to behavioural anomalies and breaches of security policies related to sensitive data and documents.
Since Cloud App Security is a cloud application itself, the portal is accessible through any browser and has an easy-to-use experience that will be immediately familiar to system administrators. The dashboard (as seen above) gives administrators a high-level, at-a-glance view of the key metrics that matter.
What Does Microsoft Cloud App Security Do?
Firstly, and perhaps most importantly, Microsoft Cloud App Security is able to identify over 13,000 popular cloud apps that could currently be accessed over your network, across all devices. This means no more rogue applications will be used without you knowing about it. Furthermore, Cloud App Security carries out a risk assessment based on a variety of metrics to help you decide what needs to be sanctioned and what applications can be allowed access.
The ‘Discovered Apps’ tab displays all the apps currently on the network, including third-party apps not in the Microsoft ecosystem. Key usage metadata like traffic, upload and transactions are useful metrics to gauge any unusual spikes in activity.
Clicking into a list of Discovered Apps will show an evaluation score based on over 60 parameters. Users will also be able to click into a specific score to see the breakdown of how the app was scored.
A variety of other usage metrics can be explored inside the app, including but not limited to users, top uploaders and top downloaders. These aid in identifying and exploring usage of web apps across your business over specific time ranges, adding another dimension of discovery to your security analytics.
Discovering potential threats, unauthorised applications, or anomalous behaviour with your files and users on your web apps is only the first step in making sure enterprise users and data are protected. The power and control to immediately suspend a violating app is necessary to prevent a crisis from escalating if any malicious behaviour or activity is afoot. Cloud Application Security puts that control right into the hands of security and IT administrators, with the ability to act accordingly in a few clicks.
Default policies, and custom-built ones which you can set up yourself, can also help you define what counts as ‘offending’ behaviour.
Say your finance department has private customer information held on any number of popular cloud apps. Needless to say, this kind of documentation needs to be handled carefully and kept extremely secure. Compliance with data protection legislation means that you need to be made aware whenever a document is shared in a way that breaks or compromises the confidentiality of the information contained within. With Cloud App Security we would be able to see all files violating the policies you have set up.
When investigating an offending file, you’d be able to see all the key metadata attached to it. It may simply be that you make the user responsible for the document aware that they have shared it more openly than they thought they did…
…Or you’d have a number of actions at your fingertips that allow you to isolate the file immediately (for instance ‘quarantine’ or ‘make private’) while you spend more time investigating and remediating the issue internally.
Protection
Constant vigilance and browsing over a dashboard on a daily basis, while commendable, isn’t the most productive use of time. Cloud App Security pro-actively alerts administrators to anomalies through the use of its powerful threat detection engine.
Some of the alerts that can be set up in the alert centre include:
- Mass download of documents by a user
- Multiple failed log on attempts by a user
- Anomaly detection
  - If a user logs onto a web app twice over a short amount of time over a long distance
- App Discovery
  - A new app is discovered on your network with a daily upload rate that exceeds a predefined number of MB
- Cloud Discovery
  - Suspect behaviour from:
    - IP addresses
  - Large upload compared to other users
- File Policy
  - If a file is shared with an unauthorised domain name