As of today, enterprises use an average of 1,100 cloud apps in their organization, with 75% considering SaaS essential to their business. At the same time, the increasing dependence on cloud services has introduced a new threat vector. With the rising number of cloud-based cyberattacks such as WannaCry, Gartner is recognizing Cloud Access Security Broker (CASB) as a key investment area for organizations by 2020.
Powered by a unique approach that delivers native integrations with industry-leading security and identity solutions such as Azure Active Directory and Azure Information Protection, Microsoft Cloud App Security (MCAS) allows organizations to gain visibility into their cloud apps and services, and leverages sophisticated analytics to identify and combat cyberthreats. It enables you to control how your data is consumed, no matter where it lives.
This week at Microsoft Ignite we are showcasing our latest advancements in creating a uniquely integrated CASB:
Let’s take a look at each one of these in more detail.
Real-time session controls and monitoring for Office 365 and on-premises apps
In June we announced the general availability of Conditional Access App Control for SAML-based apps, which allows you to control how your organization’s information can be accessed in real-time, based on the risk level of a user’s session.
Today we are announcing further advancements of this feature:
Our unique solution is defined by the native integration with Azure AD Conditional Access and Azure datacenters around the world, for an optimized user and admin experience.
Starting today you can onboard Microsoft cloud services, including some of our most popular Office 365 apps to Conditional Access App Control and later this year we will be adding even more Microsoft apps including Azure portal and Dynamics 365. Microsoft Cloud App Security will then allow for some of the most granular real-time controls and complete admin oversight to monitor user sessions across first- and third-party cloud apps in a single place.
Discovery beyond your corporate network with Windows Defender ATP
Discovery in Microsoft Cloud App Security identifies the cloud apps used by your organization, provides risk assessments, ongoing analytics and lifecycle management capabilities to control the use. MCAS already supports a long list of firewalls and proxies today, as well as custom formats.
Today we are excited to announce a new, native integration with Windows Defender ATP, which extends the Discovery capabilities beyond your corporate network. Microsoft Cloud App Security can now leverage the traffic information collected by Windows Defender ATP about the cloud apps and services being accessed from IT-managed Windows 10.
The integration provides admins a more complete view of cloud usage in their organization and the seamless integration allows easy pivoting between the consoles for investigative actions.
Automatic detection and revocation of risky OAuth App permissions
OAuth is a standardized protocol leveraged as a secure way to link cloud apps and services and delegate access to a user’s account without sharing or exposing credentials. This authorization method is universally adopted by many cloud apps and services – including consumer and enterprise cloud services such as Office 365, Google Apps and Salesforce.
As more businesses adopt cloud apps and services, users authorize apps using their corporate credentials, giving these apps programmatic access to their corporate data and introducing potential back doors into corporate environments.
Microsoft Cloud App Security provides an overview of which OAuth apps your users have authorized access for across Office 365, Google, and Salesforce.
Starting today, admins can create app permission policies that automatically revoke an app’s permission when it is considered risky, safeguarding their organization from malicious apps and preventing them from exploiting permissions. For more details, refer to our technical documentation.
Automating enterprise workflows with Microsoft Flow
The integration with Microsoft Flow enables organizations to create automated, custom workflows – for example routing Cloud App Security alerts to ticketing systems like ServiceNow or gathering manager approval to execute additional security controls such as disabling the account based on user attributes.
Image 4 shows an example of this functionality for an impossible travel alert policy in MCAS. It is configured to leverage MS Flow and the ServiceNow connector. This provides the ability to automatically create tickets based on the MCAS alert and align with existing processes in your organization.
Discovery and app lifecycle management with Secure Web Gateway
Microsoft Cloud App Security is partnering with Secure Web Gateway (SWG) providers such as Zscaler to deliver an inline Cloud App Discovery experience for customers who have existing SWG investments. We are happy to announce our most recent integration with iboss, an Internet security gateway built 100% for the cloud, that allows users to safely access their applications from any device, anywhere.
The new integration between iboss and MCAS delivers inline Cloud App Discovery and allows organizations to seamlessly enforce the blocking of apps on the corporate network - removing the need to deploy a log collector and the implementation of separate block scripts against your firewall or proxy. Leveraging Microsoft Cloud App Security and iboss for Discovery provides visibility into how users are accessing cloud applications, regardless of their device or physical location, and enables organizations to detect and easily manage access to unsanctioned cloud apps, to prevent data loss or the violation of regulatory compliance.
Microsoft Cloud App Security is a CASB differentiated by the truly unique and native integrations with industry leading security and identity solutions from the Microsoft product stack. We will continue to build on these integrations to provide even more advanced DLP capabilities and provide additional cloud app management scenarios with Windows Defender ATP.
Any App Support for real-time controls
While several Microsoft and third-party cloud apps can be enabled for real-time monitoring and control today, later this year we will be enabling additional apps such as Microsoft Teams and the Azure portal. Longer term we will be providing self-service onboarding for cloud apps, enabling MCAS to support any app and add even more granular app controls, while extending these beyond browser-based apps.
Cloud Security Posture Management
Our CASB offering is moving beyond cloud apps and now also enables customers to protect and analyze their PaaS and IaaS investments. Earlier this year we introduced a new integration with Azure Security Center, which allows you to assess and manage your cloud security posture of Azure. Gartner considers Cloud Security Posture Management as one of the top 10 security projects for 2018 and Microsoft Cloud App Security will be delivering the same capabilities for other PaaS and IaaS providers in the future. Furthermore, we will extend posture management to individual cloud apps to take Compliance assessment to the next level.
Microsoft Cloud App Security is a core part of Microsoft Threat Protection, as announced in Rob Lefferts’ blog post on Monday. MCAS is heavily investing in threat detection capabilities to provide an optimized security investigation experience and allow customers to detect and remediate advanced threats quickly and limit the impact to your organization. Going forward our focus is to streamline the SecOps experience and provide even more built-in detections, based on the insights from Microsoft’s security research teams and the Intelligent Security Graph.
Watch our Microsoft Ignite Overview session on demand.
As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our Tech Community page.