Published
Sep 08 2018 09:27 AM
6,448
Views
First published on CloudBlogs on Nov 07, 2016
At Ignite, we showcased the integration between Cloud App Security and Azure Information Protection in the Cloud App Security session and Azure Information Protection session . Today, we’re excited to share more about this integration and demonstrate how it helps in extending security for your data as it travels to the cloud. With the digital transformation that organizations are going through, data is traveling to more locations than ever before, increasing users’ productivity and ability to access data and collaborate with others. With Azure Information Protection , we’re focused on providing our customers an innovative information protection solution which is adapted to the mobile and cloud-first world and can protect company data wherever it is. One of the key challenges for information protection solutions today is the lack of visibility and control for data as it is moves to cloud applications. Cloud applications pose a huge challenge for legacy information protection solutions which are not adapted to the cloud. They also create new challenges such as the need to monitor and control sharing of sensitive data with external parties. Cloud App Security provides a holistic solution to discover, monitor, control and protect activities and data in cloud applications. With this integration, the service can leverage the classification labels set by Azure Information Protection natively and enforce automatic governance actions such as file quarantine and remove sharing based on classification and sharing level of the file. With this integration, Azure Information Protection helps extend control over your data throughout the complete data lifecycle - from creation to storage on-premises and in cloud services to sharing internally or externally to monitoring the distribution of files and finally responding to unexpected activities. This integration provides following key capabilities:
He now uploads this file to an internal folder in Box.
He then shares this file, sending the link to the shared file to a colleague at another company. This file now can be accessed freely by any user that has this link.
Such an action can put sensitive organizational data at risk and expose business information.
The security admin in the user’s organization wants to analyze the use of cloud applications employees are using. He logs in to the Cloud App Security console and gets details of all the files that are shared by employees publicly. He sees that the user uploaded a Confidential file into a shared folder in Box. The admin can view all previous access event to this file, and immediately remediate by removing its collaboration rights.
At Ignite, we showcased the integration between Cloud App Security and Azure Information Protection in the Cloud App Security session and Azure Information Protection session . Today, we’re excited to share more about this integration and demonstrate how it helps in extending security for your data as it travels to the cloud. With the digital transformation that organizations are going through, data is traveling to more locations than ever before, increasing users’ productivity and ability to access data and collaborate with others. With Azure Information Protection , we’re focused on providing our customers an innovative information protection solution which is adapted to the mobile and cloud-first world and can protect company data wherever it is. One of the key challenges for information protection solutions today is the lack of visibility and control for data as it is moves to cloud applications. Cloud applications pose a huge challenge for legacy information protection solutions which are not adapted to the cloud. They also create new challenges such as the need to monitor and control sharing of sensitive data with external parties. Cloud App Security provides a holistic solution to discover, monitor, control and protect activities and data in cloud applications. With this integration, the service can leverage the classification labels set by Azure Information Protection natively and enforce automatic governance actions such as file quarantine and remove sharing based on classification and sharing level of the file. With this integration, Azure Information Protection helps extend control over your data throughout the complete data lifecycle - from creation to storage on-premises and in cloud services to sharing internally or externally to monitoring the distribution of files and finally responding to unexpected activities. This integration provides following key capabilities:
Visibility into data sharing
When data is created, it is classified and labeled based on its sensitivity, either automatically or manually using Azure Information Protection. This process of classification adds a label to the data, that will persist throughout its entire lifecycle. Users can upload such files to cloud applications and attempt sharing with people inside or outside of their organization. Cloud App Security identifies the sensitivity level of these files, based on their labels set by Azure Information Protection and help you monitor and control such activities. Ex. Admins can query for all Confidential files that are shared publicly over DropBox, Box, SharePoint Online and other cloud services, and take an action upon these activities, such as log, alert, notify the end-user, or even prevent from such files from being shared. In below example, a user is working on a file that’s labeled Confidential.
He now uploads this file to an internal folder in Box.
He then shares this file, sending the link to the shared file to a colleague at another company. This file now can be accessed freely by any user that has this link.
Such an action can put sensitive organizational data at risk and expose business information.
The security admin in the user’s organization wants to analyze the use of cloud applications employees are using. He logs in to the Cloud App Security console and gets details of all the files that are shared by employees publicly. He sees that the user uploaded a Confidential file into a shared folder in Box. The admin can view all previous access event to this file, and immediately remediate by removing its collaboration rights.
Policies to control sharing
Admins can use the Cloud App Security console to set policies for files sharing – based on their level of sensitivity to the business as set by Azure Information Protection. In case of unexpected sharing of sensitive files, one of the following actions can occur automatically to prevent data loss –- Files can be put in quarantine
- Sharing can be restricted for the files
- Notification can be sent to users who shared the files