What is Cloud App Security? Let’s start with the Microsoft explanation of what’s in the service: Cloud App Security is a critical component of the Microsoft Cloud Security stack. It’s a comprehensive solution that can help your organization as you move to take full advantage of the promise of cloud applications, but keep you in control, through improved visibility into activity. It also helps increase the protection of critical data across cloud applications. With tools that help uncover shadow IT, assess risk, enforce policies, investigate activities, and stop threats, your organization can more safely move to the cloud while maintaining control of critical data. Why would you use it? With the transition of businesses to cloud- and mobile-based applications, data doesn’t live just within the confines of your corporate network. As described in the prior entries, today’s IT environment: Use many different SaaS applications An average of 17 per employee 80% of the employees are using unapproved apps Allows cloud administration to be done from any device / anywhere 70% of organizations allow cloud admin activity on personal devices on unsecured networks 75% of admin accounts have gone dormant/idle Allows users to decide how to share data and with whom to share it 25% of files shared externally go public 91% of organizations’ employees have given their personal accounts access to corporate resources How does this service help protect your organization? Let’s use an example of the fictional Contoso company to show how Cloud App Security works to protect key company assets. Contoso has a typical IT infrastructure – traditional on premises software mixed with various SaaS-based applications. Various business units of Contoso have struck out on their own and have purchased niche SaaS applications; some power users have also started to use consumer-grade storage services – and these are the things that IT is aware of! Cloud App Security uses a 4-part framework to help: Discover: Uncovers instances of shadow IT by discovering apps, activities, users, data, and files in the cloud environment. It can also discover any 3rd-party apps which are connected to your cloud Uses your traffic logs (from proxies and/or firewalls) to discover which SaaS apps your company is using. You can either manually upload logs from your edge devices or have Cloud App Security log collectors automatically import them. In the example below, we can easily see the apps in-use, their categories, whether they’re sanctioned or not, where the users are located, and the top users of applications. Investigate: Provides a cloud forensics tool to provide intelligence on the apps in-use in your network. App Connectors use APIs provided by the SaaS vendor – these allow you to connect Cloud App Security directly to the app to: Get activity logs Scan data, accounts, and content Enforce policies, detects threats, and provides actions to resolve issues From the Investigate tab of the dashboard, our admin can quickly view activity logs, usage by user, usage by apps, even (as shown below), a listing of every file in-use – including metadata about the file. Control: Set policies and alerts to exert control over your cloud traffic. Monitor trends, see security threats, and generate custom reports Policies allow you to set controls over data sharing From the Control tab, our admin can quickly view alerts for existing policies, create new policies from scratch, or use policy templates for quick results. Protect: Choose which apps are sanctioned for your network, enforce data loss protection, control sharing permissions, and generate reports Microsoft employs a team of analysts to continuously rank and score SaaS apps – the catalog has more than 13,000 apps right now and is growing daily. You can use this catalog to assign risk based on regulatory certifications, industry standards, and best practices There are over 50 risk factors Finally, from the Alert tab, our admin is able to see a listing of alerts, their severity, the app affected, and their resolution status. I hope this post has got you interested in this portion of the EMS E5 suite. To get started with a trial of Cloud App Security, head to https://portal.cloudappsecurity.com. In the final post, we will discuss how all these components fit together to protect your company and make your job easier!