Your organisation may not be in the cloud, but I can guarantee your employees definitely are. Cloud apps are essential for today’s connected workforce, and while most organisations (53%) are forging ahead with some form of cloud1, 61% of cloud apps are not sanctioned by IT2. IT’s visibility into these cloud workloads is a growing problem. In fact, an overwhelming majority, 93% of respondents to a recent Cloud Security Threat Survey reported issues keeping tabs on their cloud workloads1.
Paired with 49% of those surveyed revealing their cloud security manpower as inadequate1, cloud applications introduce a unique and very real set of security challenges.
In this blog, we explore some of the security implications of cloud apps and how Microsoft 365 Enterprise E5 tackles those challenges. What you may not be aware of is that E5, has a strong set of security capabilities that you can leverage to protect your organisation.
Gaining visibility to the applications that are being used by staff is a primary challenge of the proliferation of cloud services; knowing who is using what application in the organisation. It may sound obvious, but it is often overlooked (or ignored). The statistics are telling us, the average organisation believes its employees are using 452 cloud applications. However, according a 2019 study the actual number of Shadow IT apps is nearly four times higher at 1,8071. This disconnect between assumption and reality is an ongoing trend, 2018 results of the same study showed CIOs thought approximately 40 cloud apps were in use across their business, when in reality it was closer to 1,0001.
Departments and individual users often subscribe to a number of unapproved cloud services to help them get their work done. In addition, with BYOD now mainstream, and the blurred lines around device usage, employees access a range of personal cloud services from their business devices. This usage can present security challenges (what sensitive corporate data is being stored where), compliance (is the software legally licensed) and cost (are you paying for a Shadow IT application on a corporate credit card that is already licensed by the organisation with a like application?).
It’s never been more critical to deploy a robust cloud security solution.
So, how do you uncover apps you’re not aware of?
Microsoft’s Cloud App Security is a multimode Cloud Access Security Broker (CASB) solution, it can identify more than 16,000 applications that are traversing the perimeter of your network, with over 70 risk factors evaluated for each app. The assessment of each app is particularly crucial – a study of 33,000 apps revealed less than 1% had the built-in security requirements for regular business use and 39% were not suitable for business use at all1.
Cloud App Security provides the visibility that organisation are seeking to manage the Shadow IT dilemma that most IT departments are trying to combat. Combined with risk assessments and sophisticated analytics, this discovery tool provides far greater visibility into cloud security compared to what many organisations currently have.
Essentially, it takes the visibility, control, and protection you have come to expect on-premises and extends this to your cloud apps.
Cloud App Security comes standard with Microsoft 365 Enterprise E5, or as part of Enterprise Mobility & Security E5 (EMS E5).
Manage and limit cloud app access based on conditions and context, including user identity, device, and location. This means that you can identify particular cloud services that you don’t want employees to access in certain contexts. In addition, you can provide far greater and easier access for particular groups of users for specific use cases.
All Office 365 tools provide granular control over data and use built-in or custom policies for data sharing and data loss prevention. This means that not only can you detect which cloud services end users are accessing, you can also control what data they can access with those services, and when.
You also have control over data in transit, Cloud App Security helps you understand, classify and protect the exposure of sensitive information at rest, or you can chose to leverage out-of-the-box policies and automated processes to apply controls in real-time, to protect all your apps no matter where the data is stored and shared.
This is an important part of the picture in meeting compliance requirements like Payment Card Industry (PCI), Health Insurance Accountability and Portability Act (HIPAA), Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), The Australian Privacy Act, Notifiable Data Breaches Amendment and others. Cloud App Security factors compliance with these regulations into the risk assessment score for each app, and helps you further control and protect sensitive files through policies and governance.
One of the challenges of managing security has always been that not only do you need capability to prevent known risks, you also need the ability to detect emerging risks with unexpected characteristics. Using the data access controls that I have outlined above, it is incredibly useful to be able to specify policies to prevent known risks.
Cloud App Security identifies high-risk usage and detects unusual behaviour using behavioural analytics, Microsoft threat intelligence, and anomaly detection capabilities. By learning how each user interacts with each SaaS app, it assesses the risks in each transaction and acts accordingly to eliminate the threat.
Some examples include, simultaneous logins from two different continents; the sudden download of terabytes of data; or multiple failed login attempts that may signify a brute force attack. Built-in policy templates can also detect potential ransomware activity and search for unique file extensions. You can specify governance actions to suspend suspect users and prevent further encryption of the user’s files.
Cloud App Security natively integrates with other leading Microsoft security solutions, providing simple deployment, centralised management and innovative automation capabilities with solutions such as:
Identity-centric monitoring and control of user actions via conditional access and our reverse proxy.
Centralised automation of security alerts via an ecosystem of more than 250 connectors.
Single-click enablement to extend the discovery of Shadow IT beyond your corporate network.
Powerful MDM controls to define granular access and session policies for non-compliant devices.
Security configuration assessment and recommendations for your IaaS and PaaS environment.
SIEM reinvented for a modern world. Intelligent security analytics for your entire enterprise.
Unified information protection across endpoints, apps, cloud services, and on-premises data.
Unified SecOps experience to investigate advanced identity attacks across on-premises and cloud.
As a Microsoft Gold Partner, Data#3 has unique capabilities to secure your Modern Workplace partner. We also offer a number of assessments, to help you understand your security posture, please contact a local Security Specialist to discuss or book a Security Strategy Workshop, Shadow Data Audit or any of our Security Threat Assessments today.
1 Symantec. (June, 2019). 2019 Cloud Security Threat Report. [Online] Available here: https://www.data3.com/wp-content/uploads/2019/07/CSTR-June-2019.pdf
2 Microsoft. (June 2019). Microsoft Cloud App Security. [Online] Available at: https://go.microsoft.com/fwlink/p/?linkid=2079728