Even if you are not in the cloud, your employees
probably definitely are. Cloud apps are essential to today’s connected workforce but with more than 80% of employees using non-approved SaaS applications, they also introduce a unique and very real set of security challenges.
In this blog, we explore some of the security implications of cloud apps and how Microsoft Office 365 Enterprise E5 tackles those challenges. What is surprising about E5, is that it has a strong set of security capabilities that many customers are unaware of.
A recent Gartner survey found that 51% of Enterprises are comfortable with some form of Shadow IT being used by staff, with the condition that there is visibility as to what is being used, so that compliance, security and cost is managed. Gaining visibility to the applications that are being used by staff is a primary challenge of the proliferation of cloud services; knowing who is using what application in the organisation. It may sound obvious, but it is often overlooked (or ignored).
Departments and individual users often subscribe to a number of unapproved cloud services to help them get their work done. In addition, with BYOD now mainstream, and the blurred lines around device usage, employees access a range of personal cloud services from their business devices. This usage can present security challenges (what sensitive corporate data is being stored where), compliance (is the software legally licensed) and cost (are you paying for a Shadow IT application on a corporate credit card that is already licensed by the organisation with a like application?).
Alarmingly, it’s predicted that by 2020, one third of successful attacks will be on shadow IT resources. It’s never been more critical to deploy a robust security solution.
Cloud App Security can identify more than 15,000 apps on your network, providing the visibility required to manage the cloud application Shadow IT dilemma. Combined with risk assessments and ongoing analytics, this discovery capability provides far greater visibility into cloud security than many organisations currently have.
Essentially, it takes the visibility, control, and protection you have come to expect on-premises and extends them to your cloud apps.
Cloud App Security comes standard with Office 365 Enterprise E5, or you can subscribe as a standalone service (if, for example, you’re using another version of Office).
Manage and limit cloud app access based on conditions and session context, including user identity, device, and location. This means that you can identify particular cloud services that you don’t want employees to access in certain contexts. In addition, you can provide far greater access for particular groups of users in specific contexts.
All Office 365 tools provide granular control over data and use built-in or custom policies for data sharing and data loss prevention. This means that not only can you detect which cloud services end users are accessing, you can control what data they can access with those services, and when.
This is an important part of the picture in meeting compliance requirements like Payment Card Industry (PCI), Health Insurance Accountability and Portability Act (HIPAA), Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), and others. Cloud App Security factors compliance with regulations into the risk assessment score for each app, and helps you further control and protect sensitive files through policies and governance.
One of the challenges of managing security has always been that not only do you need capability to prevent known risks, you also need an ability to detect emerging risks with unexpected characteristics. Using the data access controls example above, it is incredibly useful to be able to specify extensive policies to prevent known risks.
Cloud App Security identifies high-risk usage and detects unusual behaviour using behavioural analytics, Microsoft threat intelligence, and anomaly detection capabilities. By learning how each user interacts with each SaaS app, it assesses the risks in each transaction and acts accordingly to extinguish the threat.
For example, simultaneous logins from two different continents; the sudden download of terabytes of data; or multiple failed login attempts that may signify a brute force attack. Built-in policy templates can also detect potential ransomware activity and search for unique file extensions. You can specify governance actions to suspend suspect users and prevent further encryption of the user’s files.
To learn more about The Anywhere Workplace from Data#3 or Microsoft Cloud App Security and Microsoft Office Enterprise E5, contact us today.
 More than 80 per cent of employees use ‘non-approved’ SaaS apps – report
 Metrics and Planning Assumptions Required to Drive Business Unit IT Strategies
Tags: Cloud, Cloud App Security, Cloud Security, Microsoft, Microsoft Office 365, Security, The Anywhere Workplace