Tackling cloud app security with Microsoft 365

Your organisation may not be in the cloud, but I can guarantee your employees definitely are. Cloud apps are essential for today’s connected workforce, and while most organisations (53%) are forging ahead with some form of cloud1, 61% of cloud apps are not sanctioned by IT2. IT’s visibility into these cloud workloads is a growing problem. In fact, an overwhelming majority, 93% of respondents to a recent Cloud Security Threat Survey reported issues keeping tabs on their cloud workloads1.

Paired with 49% of those surveyed revealing their cloud security manpower as inadequate1, cloud applications introduce a unique and very real set of security challenges.

In this blog, we explore some of the security implications of cloud apps and how Microsoft 365 Enterprise E5 tackles those challenges. What you may not be aware of is that E5, has a strong set of security capabilities that you can leverage to protect your organisation.

Discover and assess shadow IT app risks

Gaining visibility to the applications that are being used by staff is a primary challenge of the proliferation of cloud services; knowing who is using what application in the organisation. It may sound obvious, but it is often overlooked (or ignored). The statistics are telling us, the average organisation believes its employees are using 452 cloud applications. However, according a 2019 study the actual number of Shadow IT apps is nearly four times higher at 1,8071. This disconnect between assumption and reality is an ongoing trend, 2018 results of the same study showed CIOs thought approximately 40 cloud apps were in use across their business, when in reality it was closer to 1,0001.

Departments and individual users often subscribe to a number of unapproved cloud services to help them get their work done. In addition, with BYOD now mainstream, and the blurred lines around device usage, employees access a range of personal cloud services from their business devices. This usage can present security challenges (what sensitive corporate data is being stored where), compliance (is the software legally licensed) and cost (are you paying for a Shadow IT application on a corporate credit card that is already licensed by the organisation with a like application?).

It’s never been more critical to deploy a robust cloud security solution.

Finding the cloud apps in use

So, how do you uncover apps you’re not aware of?

Microsoft’s Cloud App Security is a multimode Cloud Access Security Broker (CASB) solution, it can identify more than 16,000 applications that are traversing the perimeter of your network, with over 70 risk factors evaluated for each app. The assessment of each app is particularly crucial – a study of 33,000 apps revealed less than 1% had the built-in security requirements for regular business use and 39% were not suitable for business use at all1.

Cloud App Security provides the visibility that organisation are seeking to manage the Shadow IT dilemma that most IT departments are trying to combat. Combined with risk assessments and sophisticated analytics, this discovery tool provides far greater visibility into cloud security compared to what many organisations currently have.

Essentially, it takes the visibility, control, and protection you have come to expect on-premises and extends this to your cloud apps.

Screenshot of Microsoft's Cloud App Security Dashboard

How to get your hands on Cloud App Security

Cloud App Security comes standard with Microsoft 365 Enterprise E5, or as part of Enterprise Mobility & Security E5 (EMS E5).

Protect your information anywhere in the cloud with these top features

Control access to cloud services

Manage and limit cloud app access based on conditions and context, including user identity, device, and location. This means that you can identify particular cloud services that you don’t want employees to access in certain contexts. In addition, you can provide far greater and easier access for particular groups of users for specific use cases.

Protect your information

All Office 365 tools provide granular control over data and use built-in or custom policies for data sharing and data loss prevention. This means that not only can you detect which cloud services end users are accessing, you can also control what data they can access with those services, and when.

You also have control over data in transit, Cloud App Security helps you understand, classify and protect the exposure of sensitive information at rest, or you can chose to leverage out-of-the-box policies and automated processes to apply controls in real-time, to protect all your apps no matter where the data is stored and shared.

This is an important part of the picture in meeting compliance requirements like Payment Card Industry (PCI), Health Insurance Accountability and Portability Act (HIPAA), Sarbanes-Oxley (SOX), General Data Protection Regulation (GDPR), The Australian Privacy Act, Notifiable Data Breaches Amendment and others. Cloud App Security factors compliance with these regulations into the risk assessment score for each app, and helps you further control and protect sensitive files through policies and governance.

Detect and protect against threats

One of the challenges of managing security has always been that not only do you need capability to prevent known risks, you also need the ability to detect emerging risks with unexpected characteristics. Using the data access controls that I have outlined above, it is incredibly useful to be able to specify policies to prevent known risks.

Cloud App Security identifies high-risk usage and detects unusual behaviour using behavioural analytics, Microsoft threat intelligence, and anomaly detection capabilities. By learning how each user interacts with each SaaS app, it assesses the risks in each transaction and acts accordingly to eliminate the threat.

Some examples include, simultaneous logins from two different continents; the sudden download of terabytes of data; or multiple failed login attempts that may signify a brute force attack. Built-in policy templates can also detect potential ransomware activity and search for unique file extensions. You can specify governance actions to suspend suspect users and prevent further encryption of the user’s files.

Diagram of data travelling between cloud apps, Microsoft's Cloud App Security and the end users device.

A uniquely integrated CASB solution

Cloud App Security natively integrates with other leading Microsoft security solutions, providing simple deployment, centralised management and innovative automation capabilities with solutions such as:

Azure Active Directory

Identity-centric monitoring and control of user actions via conditional access and our reverse proxy.

Microsoft Flow

Centralised automation of security alerts via an ecosystem of more than 250 connectors.

Windows Defender ATP

Single-click enablement to extend the discovery of Shadow IT beyond your corporate network.

Microsoft Intune

Powerful MDM controls to define granular access and session policies for non-compliant devices.

Azure Security Center

Security configuration assessment and recommendations for your IaaS and PaaS environment.

Azure Sentinel

SIEM reinvented for a modern world. Intelligent security analytics for your entire enterprise.

Azure Information Protection

Unified information protection across endpoints, apps, cloud services, and on-premises data.

Azure Advanced Threat Protection

Unified SecOps experience to investigate advanced identity attacks across on-premises and cloud.

Like to know more?

As a Microsoft Gold Partner, Data#3 has unique capabilities to secure your Modern Workplace partner. We also offer a number of assessments, to help you understand your security posture, please contact a local Security Specialist to discuss or book a Security Strategy Workshop, Shadow Data Audit or any of our Security Threat Assessments today.

1 Symantec. (June, 2019). 2019 Cloud Security Threat Report. [Online] Available here: https://www.data3.com/wp-content/uploads/2019/07/CSTR-June-2019.pdf
2 Microsoft. (June 2019). Microsoft Cloud App Security. [Online] Available at: https://go.microsoft.com/fwlink/p/?linkid=2079728

Tags: Cloud, Cloud Access Security Broker (CASB), Cloud App Security, Cloud Security, Microsoft, Microsoft 365, Microsoft Office 365, Modern Workplace, Security



Blog - Network Visibility and Authentication
Network visibility and authentication: Your school’s cyber security superpowers

When it comes to cyber security, schools need to be as vigilant as any business. After all, they deal with…

Customer Story: Main Roads Western Australia

Main Roads Western Australia Boosts Visibility and Security with Microsoft Defender for Identity Solution from Data#3…

Customer Story: Hydro Tasmania

Hydro Tasmania seamlessly transitions to work from home across Australia Download Customer Story…

Why has identity management for the hybrid workforce become so difficult?

We all know the story of the mad scramble organisations faced in shifting from a primarily office-driven workforce to…

Humans are the new perimeter
Developing a hybrid workforce supported by cloud-native security 

Let’s not beat the hybrid workplace drum any more than it already has. An early 2022 study from Smart…

Customer Story: ElectraNet

ElectraNet cuts costs and increases visibility with technology intelligence solution Download Customer Story…

Customer Story: Department of Communities

Department of Communities WA uses Lifecycle 360 for post-merger success Download Customer Story…

Customer Story: Victoria State Emergency Services

Decommissioning Legacy Server Environment Cuts Risk for Victoria State Emergency Service Download Customer Story…