Skip to main content
Microsoft Security

A better cloud access security broker: Securing your SaaS cloud apps and services with Microsoft Cloud App Security

Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers (CASB). The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security responsibilities for cloud apps are shared between you and the cloud application or cloud provider, there’s a chance that some key security practices may be overlooked.

Beyond the areas where your IT team or the platform provider are responsible for security, some SaaS apps and services may fall into an unprotected gray zone. According to the shared responsibility model, IT teams are responsible for securing their organizations’ identity and access management (IAM), network resources, endpoints, devices, passwords, and more. But there’s currently not much clear guidance around SaaS Security Posture Management (SSPM). That’s where the right CASB can make the difference.

How the right CASB can help

A CASB is designed to analyze session traffic to and from the cloud, as well as highlight risks and block inappropriate access. With so many people now working remotely on personal devices, a CASB helps ensure that users accessing your cloud apps (having been properly authenticated by your identity provider) have the rights and permissions to use the selected app—provided it’s from an allowed device, and the session adheres to any other policy conditions defined by your organization.

To accomplish all this, a CASB usually provides three primary services—app discovery and management, secure access to all your apps, data protection, and threat protection. App discovery tells you which cloud apps the employees in your organization are accessing and helps you decide how to manage those apps. Data protection ensures that your people aren’t accessing, using, and sharing sensitive data, and threat protection helps defend against inappropriate use of applications through malware, ransomware, or other threats.

A diagram showing the Microsoft Cloud App Security and its integration with CSAB solutions

For a large healthcare organization such as St. Luke’s, adopting Microsoft Cloud App Security enabled them to allow or block apps based on compliance with the Health Insurance Portability and Accountability Act (HIPAA) and reduce the possibility of leaked patient data.

“One of our challenges prior to deploying Cloud App Security was detecting shadow IT,” said Erin Boris, Information Security Strategic Specialist at SLUHN. “Gaining that visibility through Cloud App Security helps us with software inventory, app rationalization, and most importantly, data loss prevention.”  

Bridging the gap

SaaS Security Posture Management is a solution category that is part of the broader security posture management umbrella of features, specifically protecting SaaS products such as Office 365, Google Workspace, or Salesforce.

Gartner included SaaS Security Posture Management in the 2020 Gartner Hype Cycle for Cloud Security, defining SaaS Security Posture Management as “tools that continuously assess the security risk and manage the security posture of SaaS applications—offering suggestions for improved configuration to reduce risk.”

A CASB should help your team discover all SaaS apps within its purview, then determine which are shadow IT (a potential attack surface and a vector for malware). SaaS Security Posture Management takes it one step further to identify the abuse of these apps, identify misconfigurations, track configuration changes, and deploy automatic remediation to prevent data leakage and damage. SaaS Security Posture Management also covers SaaS storage, file sharing, and collaboration apps, which can be sources of data leakage.

The Microsoft Cloud App Security difference

Microsoft Cloud App Security helps secure all your cloud apps using sophisticated analytics to combat cyber threats across both cloud-native and on-premises apps and services, Microsoft and non-Microsoft alike. Recognized as a Leader in Gartner Magic Quadrant for Cloud Access Security Brokers2, Cloud App Security addressed key features this way:

According to Forrester’s recent Total Economic Impact (TEI) study, Cloud App Security also helps customers save time and resources—delivering 151% ROI over three years and less than 3-month payback. Other key findings include: 

In all of your efforts to protect your cloud apps, Microsoft Cloud App Security delivers an easy and flexible solution with a basic investment of 15 hours to deploy. You’ll benefit from recommendations for your cloud security posture (based on Center for Internet Security standards), as well as suggestions on risk scoring for apps, connected information protection, labeling and encryption, and granular session controls from start to finish of every session. And Cloud App Security can grow incrementally, enabling the perfect balance between security for your organization and productivity for your users.

Learn more

For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below:

Follow the Microsoft Cloud App Security Ninja blog and learn about Ninja Training.

Go deeper with these interactive guides:

To experience the benefits of full-featured CASB, sign up for a free trial—Microsoft Cloud App Security.

Follow us on LinkedIn at #CloudAppSecurity. To learn more about Microsoft Security solutions visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity on Twitter, and Microsoft Security on LinkedIn for the latest news and updates on cybersecurity.


¹Netskope report, 2018

2Gartner Magic Quadrant for Cloud Access Security Brokers, Craig Lawson, Steve Riley, October 28, 2020.

The Gartner document is available upon request from Microsoft.

Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.