More organizations are moving their data out of their data centers and into the cloud, which complicates IT's efforts to keep track of applications in use. With the new Microsoft Cloud App Security within Microsoft Azure, IT and security teams can step up application discovery and apply controls in line with existing security, privacy, and compliance policies.
Most enterprises rely on cloud applications, whether or not they are officially sanctioned. Shadow IT is pervasive, with employees signing up for SaaS applications on their own without first going through IT. According to Microsoft's statistics, an employee uses 17 cloud applications on average, and an organization shares 13 percent of its files externally, of which a quarter are shared publicly. Business units do what they must to get the job done, but IT is left in the dark about what applications employees use and where corporate data is stored.
Security teams need deep visibility, strong controls, and threat protection for cloud applications. That's where Cloud App Security, originally announced in February and now generally available, comes in. To use Cloud App Security, organizations will need a Microsoft Azure subscription that supports Azure Rights Management (RMS), such as Office 365.
"Microsoft Cloud App Security brings the same level of visibility and control that IT departments have in their on-premises network to their SaaS applications, including apps like Box, Salesforce, ServiceNow, Ariba, and of course Office 365," Microsoft said.
Simply upload network logs from any supported egress network device, and Cloud App Security provides a detailed list of all the applications in use. Supported devices include firewalls and proxies from most major vendors, among them Blue Coat, Cisco, Zscaler, Fortigate, Palo Alto, Check Point, Websense, Juniper, and Microsoft's own Forefront Threat Management Gateway. There is also a way to set up an automatic collector to upload logs and refresh the list of applications periodically.
More than app discovery alone
For application discovery to be useful, IT needs more than a list of applications in operation. It also needs to know who is using each application and from which device, and whether the application fits the organization's security, privacy, and compliance requirements. But there are thousands of cloud applications, and IT can't always know the risk of running a given app.
When Cloud App Security generates a list of applications used on the network, it also attaches a risk score for each app, giving IT and security teams a starting point for risk assessment. The risk score is based on Microsoft's cloud app catalog, which rates more than 13,000 cloud applications based on regulatory certifications, industry standards, and best practices. IT can then tweak the scores to reflect the organization's needs. They can choose to sanction or unsanction applications based on the risk scores.