Today, we are announcing that Microsoft Cloud App Security is now generally available as the latest addition to the secure platform we are building at Microsoft.
Cloud App Security, based on our Adallom acquisition, is a comprehensive cloud-delivered service built for IT and security teams to help combat one of the top security concerns today: “How can we gain deeper visibility, stronger controls and enhanced protection for cloud apps?”
The solution provides a set of capabilities to help companies design and enforce a process for securing cloud usage; from discovery and investigation capabilities, to granular control and protection. It is easy to deploy, setup and use and provides out-of-the-box value immediately, as well as rich tutorials for unlocking advanced capabilities.
Why do you need Cloud App Security?
Cloud applications are in use by most enterprises today, and we will soon reach the time where more corporate data will be stored in the cloud than on-premises. Moreover, everyone is using the cloud, and even companies without official SaaS apps in use have substantial Shadow IT usage of cloud. We know from past customer surveys that over 80% of employees admitted to using unapproved SaaS apps for corporate usage.
Let me share some brand new data from Microsoft Cloud App Security that will help put the scope of the Shadow IT challenge that many organizations face, into perspective:
- On average, each employee uses 17 cloud apps, but many organizations don’t know what is in use, or whether these apps meet security, privacy and compliance requirements
- In 91% of organizations, employees grant their personal accounts access to the organization’s cloud storage
- 70% of the organizations allow cloud admin activity from non-corporate, unsecured networks
- 75% of privileged cloud accounts are not in use. These accounts might be eating up the cost of a license, or worse, increasing the attack surface of the organization
- On average, an organization shares 13% of its files externally, of which 25% are shared publicly
For security teams, it is important to have deep visibility, strong controls and threat protection for cloud apps. That is why we created Cloud App Security: to provide you with an easy and comprehensive solution so you can gain visibility into your cloud app usage and start controlling it via policy.
As the need for visibility and control into cloud apps has increased the market for cloud app security, the Cloud Access Security Broker (CASB) market, has been one of the most active markets in the security space. Over several years, multiple companies have tried to provide an answer to this growing customer need; however, a comprehensive solution has yet to emerge. Today, customers often use only basic discovery capabilities without really leveraging cloud control capabilities. The crux of the matter is that cloud security is a paradigm shift from classic network-based security to something new and the market is waiting for a solution that can solve the different security issues across identity, device, data and application.
What do you get with Cloud App Security?
- App Discovery: Cloud App Security identifies all cloud applications in your network—from all devices—and provides risk scoring and ongoing risk assessment and analytics
- Data Control: With special focus on sanctioned apps, you can set granular controls and policies for data sharing and loss prevention (DLP) leveraging API-based integration. You can use either out-of-the box policies or build and customize your own
- Threat Protection: Cloud App Security provides threat protection for your cloud applications leveraging user behavioral analytics and anomaly detection
How does the product work?
So let’s get into the details, the product we are announcing today has two main components; discovery of cloud usage in the company using log-based traffic analysis and granular control for sanctioned apps leveraging API-based integration. They can be deployed and configured within minutes, so easy that we can do it together in this blog:
Step 1: Upload network logs for analysis
As a first step, you grab network logs from any egress network device (see supported list here) and upload a sample log for immediate visibility. You can also configure an automatic collector at a later stage.
Connecting an app is an easy one-click process. Simply click the “Connect an app” button and follow the relevant link (see list of supported apps for API integration here). Once you approve access, an Oauth token is created and Cloud App Security starts scanning the cloud app for users, data and activities.
That’s it! In two simple steps, Cloud App Security is connected and working. You can start handling out-of-the-box alerts or experiment with data control policies (more on this on upcoming blogs).
Without further ado, you are all invited to check it out! Visit our product page at www.cloudappsecurity.com and request a trial. We have detailed technical documentation to help you through the journey!
And of course, we would love to hear any suggestions or feedback you have.
The Cloud App Security team