Microsoft Cloud App Security (Adallom) Introduction

May 23, 2017

Moving to the cloud increases flexibility for employees and reduces IT cost, but it also introduces new challenges and complexities for keeping your organization secure. To be able to get the full benefit of cloud applications, an IT team must find the right balance of supporting access while maintaining control, to protect critical data.

What is Cloud App Security

Microsoft Cloud App Security is a comprehensive service that provides deeper visibility, comprehensive controls, and improved protection for your cloud applications. Cloud App Security is designed to help you extend the visibility, auditing, and control you have on-premises to your cloud applications.

Cloud App Security is a critical component of the Microsoft Cloud Security stack. It is a comprehensive solution that helps organizations take full advantage of the promise of cloud applications while maintaining control with improved visibility into activity. It also increases protection of critical data across cloud applications. With tools to help uncover Shadow IT, assess risk, enforce policies, investigate activities and stop threats, organizations can safely move to the cloud while maintaining control of critical data.

Microsoft Cloud App Security is a component of Microsoft Enterprise Mobility + Security E5, and enables customers to discover and secure all the cloud apps in use within their organizations. Once the apps are discovered, customers can put comprehensive controls in place for management and monitoring.

Cloud App Security framework

Visibility – The discovery engine leverages logs from firewalls and proxies in an organization to determine what apps are being used. It can discover 13,000+ apps today. No client-side agents are required, ensuring the discovery process does not block production systems. Discovery is also able to automatically ingest log data on a regular basis to ensure always up-to-date information.

Once apps have been discovered, Cloud App Security assigns a risk score based on 60+ parameters. This risk score is based on each individual app’s security mechanisms and compliance regulations. Here is what the Discover section of the Cloud App Security dashboard looks like.
Cloud App Security - Cloud Discovery page

Data control – Once applications have been discovered, administrators can set controls for each app and choose to sanction or block apps. Admins can also leverage what are called App Connectors to monitor what happens in sanctioned apps. Policies are used to enable granular control for approved apps. These policies are used to govern data in the cloud, such as files stored in cloud drives, attachments, or data within cloud apps. Finally, the policies are enforced by Cloud App Security to help admins identify policy violations and investigate at the user, file, or activity level. When a policy is enforced it can quarantine files, remove permissions, block sensitive transactions, and more.

Threat protection – Ongoing threat protection enables admins to identify anomalies in their cloud environment that could indicate a breach, and it leverages behavioral analytics to assess risk in each transaction. Cloud App Security can also identify and stop known attack pattern activities originating from risky sources, with threat prevention enhanced by the vast Microsoft threat intelligence capabilities.

Why do you need Cloud App Security

Cloud applications are in use by most enterprises today, and we will soon reach the time where more corporate data will be stored in the cloud than on-premises. Moreover, everyone is using the cloud, and even companies without official SaaS apps in use have substantial Shadow IT usage of cloud. We know from past customer surveys that over 80% of employees admitted to using unapproved SaaS apps for corporate usage.

Let me share some brand new data from Microsoft Cloud App Security that will help put into perspective the scope of the Shadow IT challenge that many organizations face:

  • On average, each employee uses 17 cloud apps, but many organizations don’t know what is in use, or whether these apps meet security, privacy and compliance requirements
  • In 91% of organizations, employees grant their personal accounts access to the organization’s cloud storage
  • 70% of the organizations allow cloud admin activity from non-corporate, unsecured networks
  • 75% of privileged cloud accounts are not in use. These accounts might be eating up the cost of a license, or worse, increasing the attack surface of the organization
  • On average, an organization shares 13% of its files externally, of which 25% are shared publicly

For security teams, it is important to have deep visibility, strong controls and threat protection for cloud apps. That is why we created Cloud App Security: to provide you with an easy and comprehensive solution so you can gain visibility into your cloud app usage and start controlling it via policy.

Technical brief and Sign up

Cloud App Security integrates visibility with your cloud by:

  • Using Cloud Discovery to map and identify your cloud environment and the cloud apps your organization is using
  • Sanctioning and unsanctioning apps in your cloud
  • Using easy-to-deploy app connectors that take advantage of provider APIs, for visibility and governance of apps that you connect to
  • Helping you maintain continuous control by setting, and then continually fine-tuning, policies

The architecture of Cloud App Security

Data retention & Compliance – Cloud App Security is officially certified with Microsoft Compliance for ISO, HIPAA, CSA STAR, EU model clauses and more. To see the full list of certifications go to Microsoft Compliance Offerings and select Cloud App Security. When Cloud App Security performs content inspection, data privacy is enforced. The file content is not stored in the Cloud App Security database; only the metadata of the file records and any violations that were identified are stored in the Cloud App Security database.

After data is collected from these sources, Cloud App Security runs sophisticated analysis on the data. It immediately alerts you to anomalous activities, and gives you deep visibility into your cloud environment. You can configure a policy in Cloud App Security and use it to protect everything in your cloud environment.

Cloud Discovery – Cloud Discovery uses your traffic logs to dynamically discover and analyze the cloud apps that your organization is using. To create a snapshot report of your organization’s cloud use, you can manually upload log files from your firewalls or proxies for analysis. To set up continuous reports, use Cloud App Security log collectors to periodically forward your logs.

Sanctioning and unsanctioning an app – You can use Cloud App Security to sanction or unsanction apps in your organization by using the Cloud app catalog. The Microsoft team of analysts has an extensive and continuously growing catalog of over 15,000 cloud apps that are ranked and scored based on industry standards. You can use the Cloud app catalog to rate the risk for your cloud apps based on regulatory certifications, industry standards, and best practices. Then, customize the scores and weights of various parameters to your organization’s needs. Based on these scores, Cloud App Security lets you know how risky an app is based on over 50 risk factors that might affect your environment.
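The discovery and scoring steps described above, shown as an added example that is not Cloud App Security's own code: it parses proxy log lines, groups traffic by destination app, and scores each app with organization-specific weights. It assumes Squid's "common" log format; the host names, catalog entries, rated parameters, weights, and the 0-10 scale (higher is safer) are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's "common" logformat (not real traffic).
SAMPLE_LOG = '''\
10.0.0.5 - alice [23/May/2017:08:00:01 +0000] "CONNECT files.share-example.test:443 HTTP/1.1" 200 51200 TCP_TUNNEL:HIER_DIRECT
10.0.0.7 - bob [23/May/2017:08:00:09 +0000] "GET http://files.share-example.test/upload HTTP/1.1" 200 2048 TCP_MISS:HIER_DIRECT
10.0.0.5 - alice [23/May/2017:08:01:30 +0000] "CONNECT crm.saas-example.test:443 HTTP/1.1" 200 900 TCP_TUNNEL:HIER_DIRECT
10.0.0.5 - alice [23/May/2017:08:02
'''

# Hypothetical catalog: host -> (app name, ratings 0-10 where higher is safer).
CATALOG = {
    "files.share-example.test": ("ExampleShare", {"encryption": 2, "mfa": 0, "iso27001": 0}),
    "crm.saas-example.test": ("ExampleCRM", {"encryption": 10, "mfa": 10, "iso27001": 10}),
}
# Hypothetical per-organization weights for each rated parameter.
WEIGHTS = {"encryption": 3, "mfa": 2, "iso27001": 1}

LINE_RE = re.compile(r'^\S+ \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} (\d+)')

def host_of(method, target):
    """CONNECT targets are host:port; other methods log a full URL."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def risk_score(ratings):
    """Weighted average of the ratings on a 0-10 scale."""
    total = sum(WEIGHTS[k] * v for k, v in ratings.items())
    return round(total / sum(WEIGHTS.values()), 1)

def discover(log_text):
    """Return (report rows sorted riskiest first, count of unparseable lines)."""
    usage = defaultdict(lambda: {"users": set(), "bytes": 0})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1  # truncated or foreign-format line: count it, don't guess
            continue
        user, method, target, size = m.groups()
        host = host_of(method, target)
        usage[host]["users"].add(user)
        usage[host]["bytes"] += int(size)
    rows = []
    for host, u in usage.items():
        name, ratings = CATALOG.get(host, (host, None))
        score = risk_score(ratings) if ratings else None  # None: not in catalog
        rows.append({"app": name, "users": sorted(u["users"]), "bytes": u["bytes"], "score": score})
    rows.sort(key=lambda r: (r["score"] is None, r["score"] or 0))
    return rows, skipped
```

Calling `discover(SAMPLE_LOG)` lists the low-scoring file-sharing app first and reports one skipped line, which is worth tracking because a high skip count means the collector is being fed a format it does not understand.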

App connectors – App connectors use APIs from cloud app providers to integrate the Cloud App Security cloud with other cloud apps. App connectors extend control and protection. They also give you access to information directly from cloud apps, for Cloud App Security analysis. To connect an app and extend protection, the app administrator authorizes Cloud App Security to access the app. Then, Cloud App Security queries the app for activity logs, and it scans data, accounts, and cloud content. Cloud App Security can enforce policies, detect threats, and provide governance actions for resolving issues.

Cloud App Security uses the APIs provided by the cloud provider. Each app has its own framework and API limitations. Cloud App Security works with app providers to optimize the use of APIs, and to ensure the best performance. Considering the various limitations that apps impose on APIs (such as throttling, API limits, and dynamic time-shifting API windows), the Cloud App Security engines utilize the allowed capacity. Some operations, like scanning all files in the tenant, require a large number of APIs, so they are spread over a longer period. Expect some policies to run for several hours or several days.

Policy control – You can use policies to define your users’ behavior in the cloud. Use policies to detect risky behavior, violations, or suspicious data points and activities in your cloud environment. If needed, you can use policies to integrate remediation processes to achieve complete risk mitigation. Multiple types of policies correlate to the different types of information you might want to gather about your cloud environment and the types of remediation actions you might take.

The following firewall vendors are supported:

  • Blue Coat
  • Cisco
  • Zscaler
  • Fortigate
  • Palo Alto
  • McAfee Secure Web Gateway
  • Check Point
  • Squid (Common)
  • Juniper SRX
  • Sophos SG

First, let’s get some trial licenses from http://www.cloudappsecurity.com/

Choose Sign up for your free trial.

It recognizes the Office 365 tenant, so let’s add it to the existing tenant.

On the Office 365 Admin Portal we should see the trial licenses.

And we should also see the new Cloud App Security Admin portal.
