Organizations using Office 365 can see which other cloud services are running, how users are collaborating on documents, and how much data is uploaded to applications and services outside of Office 365. Cloud App Security powers Office 365 app permissions, which lets IT approve or revoke permissions of third-party applications trying to access Office 365 data.
Apply security policies to applications
Discovery is only the first step, since IT and security teams can't simply know what is being used; they need to be able to secure the data within that application. Cloud App Security takes care of that by "connecting" to applications so that IT can investigate how the application is being used and apply controls.
For example, Microsoft said that 70 percent of organizations allow users to perform administrator tasks on the cloud applications from noncorporate and unsecured networks. IT can set policies to restrict who can perform cloud admin activities and from which devices. Microsoft said that more than 90 percent of organizations allow employees to use their personal accounts to access corporate cloud storage.
Microsoft noted that 75 percent of privileged cloud accounts aren't being used. This suggests that some users have heightened privileges and are performing specialized tasks from their own accounts. If that user gets compromised, via a phishing attack or brute-forcing weak credentials, the attacker will be able to cause more damage.
App connectors rely on the cloud application's APIs to query the cloud application for activity logs and pull that information into Cloud App Security for analysis. Once connected, an OAuth token is created and Cloud App Security can scan accounts and data stored in the service. IT will be able to create and enforce policies for data loss prevention, access management, file sharing controls, and more.
More data is moving to the cloud, a significant portion of it in unauthorized cloud applications. But that doesn't mean they can't be managed. Instead of trying to restrict access to the applications entirely, IT can use new tools to extend policies and controls to wherever the data is residing.
Sign up for CIO Asia eNewsletters.