Shadow IT discovery should give immediate and clear feedback to your organization about which applications are being leveraged in your cloud environment. This brief two-minute video demonstrates the value of cloud shadow IT discovery in Microsoft Cloud App Security:
Microsoft Cloud App Security is designed to help organizations discover and identify risky usage and potential exfiltration, and to protect against any risk surfaced by shadow app usage. The Cloud App Security database houses a cloud app catalog which grants discovery of more than 17,000 public applications, each evaluated by more than 90 risk indicators. The cloud app catalog can also be extended to discover usage of your line of business apps.
With unique endpoint controls, native integrations with third party network solutions and support for any log source, Microsoft Cloud App Security is designed for safe adoption based on three main app lifecycle phases:
Discover and identify cloud usage
Evaluate and analyze associated risk and compliance
Manage and monitor access and usage
Discover and identify cloud usage
We recommend customers begin their journey by discovering which apps are being used in their organization. Integrated with more than 30 unique network appliances, customers can use custom or native integrations with third party solutions and leverage native integration with Microsoft Defender for Endpoint to get visibility of cloud usage from all their users and managed endpoints.
By leveraging the app catalog containing more than 17,000 public apps, Cloud App Security helps organizations understand usage patterns across apps, users, devices and IP addresses. Cloud App Security also enables configuration of your own line of business applications to help uncover their usage patterns. From this dashboard view, you can already see the rich insights presented after Cloud App Security has begun to detect applications in your environment:
Evaluate and analyze associated risk
After apps are discovered, risks are identified that might expose your organization. The compliance posture of the app is evaluated based on industry-leading standards such as GDPR, HIPAA, PCI, and more. The app’s risk assessment consists of more than 90 risk indicators including app vendor overview, security and compliance indicators. Cloud App Security helps organizations to stay up to date and learn about recent data breaches or publicly disclosed incidents, potential attack vectors, and whether the app has been patched for known vulnerabilities. Because each organization has its own process for addressing risk, we also provide the ability to override risk scores and modify risk weights to influence overall app risk calculation.
Application risk in Microsoft Cloud App Security is continuously updated by offering self-attestation, continuous security research, advanced automated tools and customer feedback, which can influence each app’s global score. Here’s an example of the catalog of data insights that are kept for the 17,000+ applications in our database:
We have also partnered with Microsoft’s App Compliance program to power the public application self-attestation program, gathering risk data beyond web apps and driving individual service vendors to develop more secure apps.
However, understanding the security and compliance posture of discovered apps doesn’t provide the full picture without analyzing the app’s actual usage. Understandably, a high usage of one risky app should be more concerning than the low usage of another risky app.
Manage and monitor access and usage
Cloud App Security provides various usage report types. For example, admins can select reports based on regions where they are deployed or specific business units, with the ability to dive deeper into app usage patterns in any connected app instance. Cloud App Security also offers traffic trends by transactions, users, uploads and downloads from discovered apps.
By leveraging integration with Microsoft Defender for Endpoint, Cloud App Security enriches usage telemetry with information about the device in use while using the app. With clarity on risk and usage patterns, administrators can improve their security and compliance posture by managing discovered cloud applications.
Recommendations for managing newly discovered applications
Organization admins must decide whether an application is valid for use from the perspectives of productivity, security and compliance. If the application is valid for use in the organization, the priority is to sanction the app.
Next, it’s wise to examine whether auditing or official management of the app is required. If either of these is needed, consider onboarding the app in Azure Active Directory for access (SSO) and user provisioning, controlling app access with conditional access, or applying real-time session controls based on the user’s session risk. When available, use the app connector to enable advanced threat protection and DLP capabilities.
Should an organization decide an app shouldn’t be used by their employees, it is a simple action to label an app as unsanctioned. This action will be propagated directly to Microsoft Defender for Endpoint, or any other integrated appliance like Zscaler, iBoss, Menlo or Corrata, and will block access to the app.
The last step of the framework is to create a continuous monitoring process, including a security plan that alerts on newly discovered risky apps or unusual high-volume use.
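The alerting described in this last step, combined with the adjustable risk weights mentioned earlier, can be sketched as follows. This is an added example, not Microsoft code or the Cloud App Security API; the record fields, category names, the 0 to 10 score scale (10 = safest), the thresholds and the app names are all assumptions made for illustration.

```python
from statistics import mean, pstdev

# Assumed scale: 0 = riskiest, 10 = safest. Category names and weights are hypothetical.
DEFAULT_WEIGHTS = {"general": 1.0, "security": 1.0, "compliance": 1.0}

# Constructed sample of discovered apps; daily_mb is upload volume, oldest day first.
APPS = [
    {"app": "notes-sync.example", "days_seen": 2, "daily_mb": [12, 30],
     "categories": {"general": 4, "security": 2, "compliance": 3}},
    {"app": "crm.example", "days_seen": 200, "daily_mb": [100, 110, 95, 105, 100, 102, 900],
     "categories": {"general": 9, "security": 9, "compliance": 8}},
    {"app": "paste.example", "days_seen": 3, "daily_mb": [1, 2, 1],
     "categories": {"general": 5, "security": 4, "compliance": 6}},
    {"app": "old-risky.example", "days_seen": 90, "daily_mb": [5, 5, 5, 5, 5, 5, 5],
     "categories": {"general": 2, "security": 2, "compliance": 2}},
]

def weighted_score(categories, weights):
    """Weighted mean of category scores; raising a weight makes that category count more."""
    total = sum(weights[c] for c in categories)
    return sum(categories[c] * weights[c] for c in categories) / total

def volume_spike(daily_mb, z=3.0, min_days=5):
    """True when the latest day exceeds the baseline mean by z standard deviations."""
    *baseline, latest = daily_mb
    if len(baseline) < min_days:
        return False  # too little history to call the volume unusual
    sigma = max(pstdev(baseline), 1.0)  # floor so a flat baseline does not alert on noise
    return latest > mean(baseline) + z * sigma

def triage(apps, weights=DEFAULT_WEIGHTS, risky_below=5.0, new_within_days=7):
    """Return (app, reason) alerts for newly discovered risky apps and volume spikes."""
    alerts = []
    for a in apps:
        score = weighted_score(a["categories"], weights)
        if score < risky_below and a["days_seen"] <= new_within_days:
            alerts.append((a["app"], "new_risky_app"))
        if volume_spike(a["daily_mb"]):
            alerts.append((a["app"], "unusual_volume"))
    return alerts

if __name__ == "__main__":
    print(triage(APPS))
    # Weighting security three times as heavily pulls paste.example below the threshold.
    print(triage(APPS, {**DEFAULT_WEIGHTS, "security": 3.0}))
```

Note that old-risky.example raises no alert: it is neither newly discovered nor showing a change in volume, so it belongs in the sanction/unsanction review rather than in the monitoring alerts.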
Traditional shadow IT discovery is a joint effort between a CASB and a network solution. The network solution sends all traffic telemetry from the corporate network to the CASB, which in turn provides detailed reporting. When multiple vendors are involved, it can become complex due to log collections and access policy sync, as well as supporting various log formats and their changes. Microsoft Cloud App Security enables discovery and enforcement down to the endpoint (sometimes referred to as endpoint CASB). These endpoint CASB capabilities deliver a seamless experience, leveraging integration with deployed Windows 10-based agents. These capabilities are available with single-click deployment, by enabling Microsoft Cloud App Security in Microsoft Defender for Endpoint. Enforcement is done on the endpoint and is agnostic to the network, providing visibility and control even when the user is working remotely, using a public/home network. This easily enabled tool allows enforcement of access controls at any time and from anywhere a user is trying to access cloud apps:
For further training or information, view Boris’ twenty-minute discussion on shadow IT discovery in Microsoft Cloud App Security:
We welcome your feedback or relevant use cases and requirements for this pillar of Cloud App Security; email CASFeedback@microsoft.com and mention Shadow IT Discovery.
For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below: