A Cloud Access Security Broker (CASB) is one of the solutions available to help you manage shadow IT. A CASB extends your security policies into the cloud. It starts by giving you a detailed picture of what cloud applications employees are using and provides you with the tools to control that usage and protect your organisation.
In our previous blog posting on shadow IT, we outlined a point plan to help deal with it. Here’s how a CASB can help you execute against that plan.
A good Cloud Access Security Broker solution starts by first discovering all the cloud applications in your network, from all devices and then providing a detailed risk assessment for each service discovered. Some CASBs rely on installing agents on all company devices, a process that is both cumbersome and ineffective in the age of BYOD.
A more modern approach relies on collecting information from firewalls and proxies. Some solutions assign cloud services an individual risk score, allowing IT to see how their organisation is operating in the cloud and to determine which apps to sanction.
Even after you have an approved list of sanctioned apps, you want to maintain control over how they are being used. This is especially important if your organisation operates in a highly regulated industry, such as finance, healthcare or government.
A Cloud Access Security Broker should allow you to set and enforce granular policies to provide IT with comprehensive control over sanctioned apps. It should automate enforcement of your policies. For example, the CASB solution can detect if a user is trying to share a set of sensitive data and automatically restrict the ability to share that data with users outside of your organisation who shouldn’t have access to critical company data.
You should be able to use these controls to extend any existing enterprise DLP policies to your SaaS applications and to run dynamic reports on violations of your policies.
With comprehensive visibility into how employees are using the cloud, a CASB should then provide you with ongoing, enhanced threat protection for your cloud apps and help you stay ahead of cyber threats.
Every Cloud Access Security Broker vendor provides a different level of threat detection. At the advanced level, you can expect machine learning to learn how each user interacts with each SaaS app and behavioural analytics that can then assess the level of risk in each transaction.
This might include impossible use scenarios, such as simultaneous logons from two countries, or other suspicious behaviour such as the sudden download of terabytes of data, or multiple failed logon attempts— which may signify a brute force attack.
Meeting the challenge of shadow IT with a Cloud Access Security Broker
So, better visibility, control, and protection can help you manage shadow IT. In addition, IT must work with employees to establish a SaaS policy that aligns to business goals.
It is also important to keep an open dialogue with line of business managers that allows them to evaluate SaaS options and aims to provide employees with secure access to a broad range of SaaS apps. Once you have established a realistic SaaS policy, communicate it broadly to the company and work with business leaders to share these policies with their groups.
To find out more about how Microsoft Cloud App security can help you manage shadow IT, contact us.