Today’s business uses an average of 1,180 cloud apps¹, with many of those organizations securing their apps through cloud access security brokers (CASB). The organizational need for a CASB has grown alongside the use of cloud apps to enable remote work and greater user productivity. When security responsibilities for cloud apps are shared between you and the cloud application or cloud provider, there’s a chance that some key security practices may be overlooked.
Beyond the areas where your IT team or the platform provider are responsible for security, some SaaS apps and services may fall into an unprotected gray zone. According to the shared responsibility model, IT teams are responsible for securing their organizations’ identity and access management (IAM), network resources, endpoints, devices, passwords, and more. But there’s currently not much clear guidance around SaaS Security Posture Management (SSPM). That’s where the right CASB can make the difference.
How the right CASB can help
A CASB is designed to analyze session traffic to and from the cloud, as well as highlight risks and block inappropriate access. With so many people now working remotely on personal devices, a CASB helps ensure that users accessing your cloud apps (having been properly authenticated by your identity provider) have the rights and permissions to use the selected app—provided it’s from an allowed device, and the session adheres to any other policy conditions defined by your organization.
To accomplish all this, a CASB usually provides three primary services—app discovery and management, secure access to all your apps, data protection, and threat protection. App discovery tells you which cloud apps the employees in your organization are accessing and helps you decide how to manage those apps. Data protection ensures that your people aren’t accessing, using, and sharing sensitive data, and threat protection helps defend against inappropriate use of applications through malware, ransomware, or other threats.
For a large healthcare organization such as St. Luke’s, adopting Microsoft Cloud App Security enabled them to allow or block apps based on compliance with the Health Insurance Portability and Accountability Act (HIPAA) and reduce the possibility of leaked patient data.
“One of our challenges prior to deploying Cloud App Security was detecting shadow IT,” said Erin Boris, Information Security Strategic Specialist at SLUHN. “Gaining that visibility through Cloud App Security helps us with software inventory, app rationalization, and most importantly, data loss prevention.”
Bridging the gap
SaaS Security Posture Management is a solution category that is part of the broader security posture management umbrella of features, specifically protecting SaaS products such as Office 365, Google Workspace, or Salesforce.
Gartner included SaaS Security Posture Management in the 2020 Gartner Hype Cycle for Cloud Security, defining SaaS Security Posture Management as “tools that continuously assess the security risk and manage the security posture of SaaS applications—offering suggestions for improved configuration to reduce risk.”
A CASB should help your team discover all SaaS apps within its purview, then determine which are shadow IT (a potential attack surface and a vector for malware). SaaS Security Posture Management takes it one step further to identify the abuse of these apps, identify misconfigurations, track configuration changes, and deploy automatic remediation to prevent data leakage and damage. SaaS Security Posture Management also covers SaaS storage, file sharing, and collaboration apps, which can be sources of data leakage.
The Microsoft Cloud App Security difference
Microsoft Cloud App Security helps secure all your cloud apps using sophisticated analytics to combat cyber threats across both cloud-native and on-premises apps and services, Microsoft and non-Microsoft alike. Recognized as a Leader in Gartner Magic Quadrant for Cloud Access Security Brokers², Cloud App Security addressed key features this way:
- Shadow IT discovery: Discover and manage unauthorized access that can put your security at risk via integration with Microsoft Defender for Endpoint, or also leverage your firewall and secure web gateway, and then choose to sanction or unsanction apps.
- Information protection: Gain the power to enforce complex information and data loss prevention (DLP) policies across third-party apps through deep integration with Microsoft Information Protection, combined with the reverse proxy capabilities of Microsoft Cloud App Security.
- Threat protection: Leverage the protection of the independent threat protection capabilities in MCAS, including our own UEBA capabilities as well as the native integration with Microsoft Defender suite, which includes Microsoft Defender for Endpoint, Microsoft Defender for Office, and Microsoft Defender for Identity to provide a unified view into devices, Office apps, and identities across on-premises and cloud resources. Monitor behaviors and block nefarious content.
- Secure access: Connect with Azure Active Directory (Azure AD) to enforce and monitor access and session policies (such as leveraging conditional access from Azure Active Directory) across all managed cloud resources.
- Security Posture Management: the recommendations and security practices that ensure each organization has intentionally set aside a standard of practices and then receives and implements the practices that help them achieve their goals.
  - CSPM: Cloud Security Posture Management provides multi-cloud security recommendations for the various workloads across IaaS such as AWS, GCP, and Azure.
  - SSPM: SaaS Security Posture Management helps secure multi-app environments and provide discovery for your SaaS apps, helping you identify misconfigurations, as well as track user activity and configuration changes—all to protect your data and to keep you compliant.
According to Forrester’s recent Total Economic Impact (TEI) study, Cloud App Security also helps customers save time and resources—delivering 151% ROI over three years and less than 3-month payback. Other key findings include:
- 80 percent reduction in time to monitor, assess, and govern cloud application portfolio risks.
- 75 percent elimination of threats automatically due to increased visibility and automated threat protection.
- 40 percent reduction in the likelihood of a data breach, with potential savings of more than $1.6 million over three years.
- 90 percent reduction in hours required to audit cloud apps.
In all of your efforts to protect your cloud apps, Microsoft Cloud App Security delivers an easy and flexible solution with a basic investment of 15 hours to deploy. You’ll benefit from recommendations for your cloud security posture (based on Center for Internet Security standards), as well as suggestions on risk scoring for apps, connected information protection, labeling and encryption, and granular session controls from start to finish of every session. And Cloud App Security can grow incrementally, enabling the perfect balance between security for your organization and productivity for your users.
For further information on how your organization can benefit from Microsoft Cloud App Security, connect with us at the links below:
- Join the conversation on Tech Community.
- Stay up to date—subscribe to our blog.
- Download Top 20 use cases for CASB.
- Search documentation on Microsoft Cloud App Security.
- Understand your licensing options.
- Upload a log file from your network firewall or enable logging via Microsoft Defender for Endpoint to discover Shadow IT in your network.
- Connect your cloud apps to detect suspicious user activity and exposed sensitive data.
- Enable out-of-the-box anomaly detection policies and start detecting cloud threats in your environment.
- Continue with more advanced use cases across information protection, compliance, and more.
Go deeper with these interactive guides:
- Discover, protect, and control your apps with Microsoft Cloud App Security.
- Detect threats and manage alerts with Microsoft Cloud App Security.
To experience the benefits of full-featured CASB, sign up for a free trial—Microsoft Cloud App Security.
¹Netskope report, 2018
²Gartner Magic Quadrant for Cloud Access Security Brokers, Craig Lawson, Steve Riley, October 28, 2020.
The Gartner document is available upon request from Microsoft.
Gartner does not endorse any vendor, product, or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.