New Cloud Discovery capabilities in Cloud App Security

First published on CloudBlogs on Mar 28, 2017
This post is authored by Niv Goldenberg, Senior Program Manager, Cloud App Security.

How to maintain user privacy

We frequently get a key privacy question from you: how can we discover Shadow IT and monitor usage of cloud applications without violating user privacy? The answer is simple: with data anonymization. You can sanitize and encrypt personal information in the Cloud App Security console using data anonymization. Instead of viewing personal data in the management portal, IT admin would see anonymized information. So you maintain your users’ privacy and now with peace of mind, you can securely discover and understand the cloud usage in your organization and quantify the risk you are exposed to with regards to these cloud apps. After discovering the apps your employees are using, you can sanction your SaaS apps for extended visibility, data control and threat protection. In this blog post, I will walk you through how to do this step by step at Cloud App Security management portal.

How to anonymize data

Cloud App Security does not require agents on user devices for discovery analysis. We collect your logs from your firewalls and proxies. For anonymizing data during log upload, you simply check 'anonymize private information' when adding a new data source (or creating a new snapshot report) at management portal. Your data will automatically be encrypted using Advanced Encryption Standard (AES)128 with a dedicated key, letting no private information be stored or displayed outside your network. But of course, under special circumstances, such as a security investigation of a breach or a compromised account, you might want to resolve the real username.  For this very reason, Cloud App Security management portal allows IT admins to decrypt the user name when they provide a valid justification. In order to protect user privacy, these activities are tightly audited by the IT admin at Cloud App Security management console.

Reviewing your Cloud Discovery data and risk assessment

Once the data is anonymized and analyzed, the Cloud Discovery Dashboard in our management portal provides you the much-needed visibility into your organizations cloud app usage. The service identifies more than 13,000 cloud applications in your network—from all devices—and provides risk scoring and on-going risk assessment and analytics. You can dive deeper by viewing on-going analytics on the usage, the most used app categories, top users and IP addresses. An essential part of cloud discovery is understanding the risk associated with each app discovered, so you can make decisions on whether you would like to sanction the app or block the use of it. Cloud App Security provides a risk assessment by evaluating each discovered service against more than 60 parameters: evaluating the service provider, security mechanisms, and compliance certifications. These details help determine and assess the credibility and reliability of each cloud service discovered. Finally, you can view the discovery alerts: the new apps and the anomalies in usage. For example, if one of your users is downloading and uploading terabytes of data within a couple transactions, that may be indicative of a breach.  Cloud App Security will provide an alert in this case and you can review right away.

How to sanction and block apps

After you review apps usage in the context of your business need and understand the underlying user need that motivated the use of an unsanctioned app by interacting with your business counterparts, you can decide if you want to sanction the app and protect it with Cloud App Security or block the usage of this app in your organization.  For unsanctioning apps, we provide an easy-to-deploy  solution, leveraging your existing on-premises security appliances by importing block scripts.

Learn more and let us know what you think

We know how important visibility, control and threat protection are for IT teams, when it comes to cloud applications. Our goal in Cloud App Security engineering team is to continuously innovate to provide a top-notch user experience, visibility, data control and threat protection to your cloud apps. If you would like to learn more about these Cloud Discovery features, please visit our technical documentation page. We love hearing your feedback and we take it seriously! Get started with Cloud App Security today, give a try to these new features and let us know what you think at Cloud App Security Tech Community .