Microsoft Cloud App Security

 





The Cloud App Security Framework

Cloud App Security Brokers (CASBs) are defined by Gartner as security policy enforcement points placed between cloud service consumers and cloud service providers to combine as well as interject enterprise security policies as cloud-based resources are accessed. 

Microsoft Cloud App Security is a CASB  helps you to identify as well as combat cyber threats across Microsoft and third-party cloud services while easily integrating with Microsoft solutions, providing simple deployment, centralized management, and innovative automation capabilities. There are four elements to your Cloud App Security framework:

  • Discover & control the use of Shadow IT-  It Identifies the cloud apps, IaaS, and PaaS services used by your organization. As the apps you don't know about, on average totaling more than 1000, are your "Shadow IT", but when you know which apps are being used, you can better understand and control your risk.

  • Protect your sensitive information anywhere in the cloud- It can understand, classify, and protect sensitive information at rest which helps you to avoid accidental data exposure, while providing Data Loss Prevention (DLP) capabilities that covers the various data leak points that exist in organizations. 

  • Protect against cyber threats & anomalies- It can detect unusual behavior across apps, users, and potential ransomware. Cloud App Security can easily combine the multiple detection methods, including anomaly, User Entity Behavioral Analytics (UEBA), and rule-based activity detections, to show who is using the apps in your environment and how they are using them.

  • Assess the compliance of your cloud apps- It can assess if your cloud apps comply with the regulations and industry standards specific to your organization or not while helping you to compare your apps and usage against relevance compliance requirements, prevent data leaks to non-compliant apps, as well as limit access to the regulated data. 

Explore Your Cloud Apps With Cloud Discovery

You can use Cloud Discovery to see what's happening in your network as it easily analyzes your traffic logs against a catalogs of more than 80 risk factors to give you visibility into cloud use, Shadow IT, and the risk it poses to your organization. Its dashboard also provides an at-a-glance overview of what kinds of apps are being used, your open alerts, and the risk levels of the apps in your organization while also helping you to filter the data collected by the Cloud Discovery to generate the specific views depending on what interests you the most.

Protect Your Data & Apps With Conditional Access App Control

Microsoft Cloud App Security integrates with the Identity Providers (IdPs) to protect your data & devices with access and session controls through Conditional Access App Control. To further refine filters as well as set actions to be taken on a user, you can also use access and session policies in the Cloud App security portal. With the access and session policies, you can:
  • Prevent data exfiltration- Block the download, cut, copy, and print of sensitive documents on, for example, unmanaged devices.

  • Protect on download- Instead of blocking the download of the sensitive documents, you can require them to be labeled and protected with the Azure Information Protection while ensuring that the document is protected and  the user access is restricted in a potentially risky session.

  • Prevent upload of unlabeled files- It enforces the use of labeling as before any sensitive file is uploaded, distributed, and used by the others, it's important to make sure that it has the right label as well as protection. You can also block a file upload until the content is classified.

  • Monitor user sessions for compliance- Monitors risky users when they sign in to apps and log their actions from within the sessions while investigating as well as analyzing user behavior to understand where, and under what conditions, you can apply session policies in the future.

  • Block access- You can block access to the specific apps and users depending on several risk factors. For example, you can block a user if they are using a client certificate as a form of device management. 

  • Block custom activities- Some apps have unique scenarios that carry risk; for example, sending messages with sensitive content in the apps like Microsoft Teams or Slack. In these kinds of scenarios,  you can scan messages for sensitive content and block them in real time. 

Classify & Protect Sensitive Information

One of the key elements of the Cloud App Security framework is protecting your sensitive information which is a subjective phrase, as this can vary from one organization to another.

What is Information Protection?

An employee might accidentally upload a file to the wrong place or they could send confidential information to someone who shouldn't have it which may result in the loss of information or it may made accessible to the wrong person that can further lead to serious financial, legal, or reputational consequences for your organization. An information is vital to any modern organization,and you want to ensure that it's protected at all times. 

To help you with it, Microsoft Cloud App Security natively integrates with the Azure Information Protection, a cloud-based service that helps classify as well as protect files and emails across your organization. 

Note: You have to enable the app connector for Microsoft 365 to take advantage of the azure Information Protection.  





Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)