How do you investigate non-sanctioned apps?

%3CLINGO-SUB%20id%3D%22lingo-sub-2322840%22%20slang%3D%22en-US%22%3EHow%20do%20you%20investigate%20non-sanctioned%20apps%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2322840%22%20slang%3D%22en-US%22%3E%3CP%3EWhile%20MCAS%20is%20great%20for%20Cloud%20Discovery%20and%20enforcing%20policy%2C%20how%20do%20you%20go%20about%20sanctioning%2Funsanctioning%20apps%20appropriately%3F%20One%20of%20the%20pain-points%20we're%20facing%20is%20that%20while%20it%20may%20say%20user%20x%20uploaded%2050mb%20to%20app%20hosting%20provider%205%2C%20we%20don't%20know%20what%20actual%20URLs%2Fweb-apps%20are%20tied%20to%20hosting%20provider%205.%20When%20you%20look%20at%20an%20application%20in%20MCAS%2C%20you%20get%20the%20general%20URLs%20for%20the%20application...%20i.e.%20hostingprovider5.com%2Flogin.aspx.%20This%20doesn't%20help%20understand%20what%20URLs%20the%20user%20is%20hitting%20though%2C%20which%20could%20be%20legitimate%20sites%2C%20that%20we%20may%20then%20block%20incidentally%2C%20because%20we%20don't%20have%20the%20underlying%20information.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAm%20I%20wrong%3F%20Can%20someone%20help%20me%20understand%20their%20process%20for%20investigating%20these%20alerts%20and%2For%20sanctioning%2Funsanctioning%20apps%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2322840%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECloud%20App%20Security%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
New Contributor

While MCAS is great for Cloud Discovery and enforcing policy, how do you go about sanctioning/unsanctioning apps appropriately? One of the pain-points we're facing is that while it may say user x uploaded 50mb to app hosting provider 5, we don't know what actual URLs/web-apps are tied to hosting provider 5. When you look at an application in MCAS, you get the general URLs for the application... i.e. hostingprovider5.com/login.aspx. This doesn't help understand what URLs the user is hitting though, which could be legitimate sites, that we may then block incidentally, because we don't have the underlying information.

 

Am I wrong? Can someone help me understand their process for investigating these alerts and/or sanctioning/unsanctioning apps?

0 Replies