Infrastructure-as-a-Service (IaaS) initiated the decline of traditional data center strategies. Today, modern cloud-focused IT strategies enable organizations to implement new processes and scale their infrastructure up and down as needed, allowing them to reach cost efficiencies and high levels of flexibility.
Whether organizations have chosen a single- or multi-cloud vendor strategy, they are often surprised when they find that a business unit has servers on a platform without any IT oversight. PaaS adoption is commonly driven by developers working on custom applications, or even business-users. When the use of IaaS and PaaS services are leveraged by these user groups, it often happens without any IT oversight and can go unmonitored for extended periods of time - posing significant security risks to an organization.
Take for instance storage solutions. Microsoft Azure blobs, Amazon Web Services S3 buckets, or Google Cloud Platform storage buckets can host business-critical resources such as documents, databases, and source code. A simple access misconfiguration can expose sensitive information and lead to malicious exfiltration. Data shows that organizations often have hundreds of custom apps running in the cloud, while our research suggests that only a fraction is managed with IT oversight. Therefore, it’s important to establish IT oversight from the beginning to avoid stale.
Microsoft Cloud App Security has extended its Shadow IT Discovery capabilities to detect resources that are hosted on IaaS and Platform-as-a-Service (PaaS) solutions across Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP), with more being added soon.
The new “Discovered resources” tab in the Microsoft Cloud App Security portal provides you with visibility into the custom apps that run on top of your IaaS and PaaS subscriptions. You can use this new capability to gain full visibility into the resources that exist within your organization, which users are accessing them, transactions, IP addresses, and how much traffic is being transmitted.
Image 1 shows the new “Discovered resources” view in Microsoft Cloud App Security and the drill down into one of the discovered resources.
Image 1: “Discovered resources” view in Microsoft Cloud App Security