Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations.
This presentation covers the top five Office 365-specific CASB use cases that have the highest impact on cloud-consuming enterprises.
13. Use Case #1
Find sensitive data in OneDrive and SharePoint
Prevent sensitive data leakage in Office 365 and to app ecosystem
14. CASB Requirements
1. API connection to enable eDiscovery of content in OneDrive and SharePoint
2. Inline deployment with ability to decode traffic to get real-time visibility and control over activities in Office 365 suite
3. Ability to associate personal and corporate cloud app account credentials
4. Ability to cover web browsers, OneDrive sync client, Office mobile apps, and apps in O365 ecosystem
5. Cloud DLP engine to identify sensitive content in and en route to and from O365
16. CASB Requirements
1. Inline deployment options to get access to Outlook.com traffic in real-time
2. Ability to decode details in real-time about activity and data connected to Outlook.com
3. Cloud DLP engine to identify sensitive content being sent in Outlook.com email body and attachments
4. Ability to cover both web browsers and mobile apps
18. CASB Requirements
1. Ability to classify managed vs. unmanaged devices
2. Ability to set granular policies based on device classification
3. E.g. “only allow full Outlook access for managed devices and force OWA for unmanaged”
19. Use Case #4
Find data exfiltration going from Office 365 to unsanctioned apps
Source: AT&T Cybersecurity Insights
20. CASB Requirements
1. Inline deployment options to get access to both Office 365 and unsanctioned cloud traffic
2. Ability to decode details in real-time about activity and data
3. Ability to correlate events and perform anomaly detection
4. Need to see cloud usage details from browsers, OneDrive sync clients, and Office 365 mobile apps
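One way to implement the event correlation in requirement 3 above, as an added example that is not part of the original presentation or of any vendor's product. The event schema, the app name ExampleShare, the hash values and the one-hour window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized CASB log schema.
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "app": "OneDrive", "sanctioned": True,
     "activity": "download", "file_hash": "hash-A", "client": "sync-client"},
    {"ts": "2024-05-01T09:12:00", "user": "alice", "app": "ExampleShare", "sanctioned": False,
     "activity": "upload", "file_hash": "hash-A", "client": "browser"},
    # Same content, but the upload happens after the window closes: not correlated.
    {"ts": "2024-05-01T09:05:00", "user": "bob", "app": "SharePoint", "sanctioned": True,
     "activity": "download", "file_hash": "hash-B", "client": "browser"},
    {"ts": "2024-05-01T13:30:00", "user": "bob", "app": "ExampleShare", "sanctioned": False,
     "activity": "upload", "file_hash": "hash-B", "client": "browser"},
    # Upload to a sanctioned app is out of scope for this use case.
    {"ts": "2024-05-01T10:00:00", "user": "carol", "app": "OneDrive", "sanctioned": True,
     "activity": "download", "file_hash": "hash-C", "client": "mobile-app"},
    {"ts": "2024-05-01T10:02:00", "user": "carol", "app": "SharePoint", "sanctioned": True,
     "activity": "upload", "file_hash": "hash-C", "client": "mobile-app"},
]

O365_APPS = {"OneDrive", "SharePoint"}

def find_exfiltration(events, window=timedelta(hours=1)):
    """Flag uploads to unsanctioned apps of content the same user
    downloaded from Office 365 within `window` beforehand."""
    downloads = {}   # (user, file_hash) -> list of (time, event) download records
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev["file_hash"])
        if ev["activity"] == "download" and ev["app"] in O365_APPS:
            downloads.setdefault(key, []).append((t, ev))
        elif ev["activity"] == "upload" and not ev["sanctioned"]:
            # Most recent matching download inside the window, if any.
            recent = [(dt, d) for dt, d in downloads.get(key, []) if t - dt <= window]
            if recent:
                dt, src = recent[-1]
                findings.append({"user": ev["user"], "file_hash": ev["file_hash"],
                                 "source_app": src["app"], "dest_app": ev["app"],
                                 "delay_s": int((t - dt).total_seconds())})
    return findings

if __name__ == "__main__":
    for finding in find_exfiltration(EVENTS):
        print(finding)
```

Matching on a content hash only works when the file is moved unmodified; a DLP fingerprint or data-identifier match would be needed to follow content that is renamed, re-saved or pasted into another document.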
21. Use Case #5
Find malware in OneDrive and SharePoint and quarantine it
22. CASB Requirements
1. Ability to scan SharePoint sites and OneDrive for various malware types and quarantine the malware
2. Ability to replace the eradicated malware with a tombstone file, letting the user know of the action taken
Official Gartner definition: CASBs are on-premises, or cloud-based, security policy enforcement points placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement. Example security policies include authentication, SSO, authorization, credential mapping, device profiling, encryption, tokenization, logging, alerting, malware detection/prevention and so on.
There are more than 900 cloud apps per enterprise, on average. If we look at how these applications make their way into the enterprise, about 10% are sanctioned by IT and include apps such as Office 365, Salesforce, Box, and a variety of business applications. IT often doesn’t know about the other 90%. Those fall under the Shadow IT category. Shadow IT is created by apps being brought in by users and lines-of-business, who today feel more empowered than ever because apps are easy to get and use. Whether sanctioned or Shadow IT, many of these apps have an important, and sometimes critical, role to play in the success of your organization.
The real question, though, is how much of your data is in these apps? What do you think?
Last year we did a study with Ponemon to examine the impact the cloud has on the probability and economic impact of a data breach. One of the questions we asked IT and security professionals was how much business data they believe is in the cloud. Their (self-reported) estimate is about 30 percent.
Whether it’s 30 percent or more than that, it’s only going up from here.
Discover Cloud Apps and Assess Risk
Discovery is often the starting point for many of our customers. Netskope’s advanced Discovery can help you assess your risk, do due diligence on new cloud apps that you may be considering bringing into your organization, or get your arms around what your cloud spend is.
Step 2: The next step is to understand how those cloud apps are being used. You need visibility into the details of the activities, taking into account contextual details such as the app, user, specific activity, and device that was used.
Netskope provides the most powerful cloud DLP solution. Not only does it support more than 3,000 data identifiers, 500+ file types and advanced features like proximity and Exact Match, but you can also uniquely apply our DLP and leverage deep context to scan content tied to a real-time activity for both sanctioned and unsanctioned apps as well as content that is resident in sanctioned apps.
This demo is the first phase of our Active Threat Protection, which is about finding and quarantining malware in sanctioned cloud apps. We recently announced Active Threat Protection, supporting the ability to find and remediate malware and threats in real-time as they are uploaded, downloaded, or shared across unsanctioned or sanctioned cloud apps.
Here, in summary, are my 6 steps. I am confident if you follow these, you will have a safer cloud experience.