Join Pete Zerger for an in-depth discussion in this video, What is Cloud App Security (CAS)?, part of Microsoft Cybersecurity Stack: Securing Enterprise Information.
- [Instructor] Microsoft Cloud App Security, or MCAS, is a cloud service and a critical component of the Microsoft Cloud Security stack that can help your organization as you move to take full advantage of cloud applications, but provide control through improved visibility into cloud activity. It also helps increase the protection of critical data across cloud applications. MCAS also includes tools that help uncover shadow IT, assess risk, enforce policies, investigate activities, and stop threats so your organization can more safely move to the cloud while maintaining control of critical data.
The MCAS framework includes a number of key capabilities, including cloud discovery. We can discover all cloud use in our organization, including shadow IT, with reporting, control, and risk assessment. Data protection: we can monitor and control our data in the cloud, gaining visibility into use, enforcing our data loss prevention policies, alerting, and investigation. MCAS in fact has its own DLP engine, separate from Office 365, but integrated with that platform.
Threat protection: we can detect anomalous use and security incidents, using behavioral analytics and advanced investigation tools in MCAS to mitigate risk, set policies, and drive alerts to achieve maximum control over our cloud network traffic. The discovery engine in MCAS leverages logs from firewalls and proxies in our organization to determine what apps are being used. It can discover 13,000 plus applications today.
No client-side agents are required, ensuring the discovery process doesn't block production systems. Discovery is also able to automatically ingest log data on a regular basis to ensure always up-to-date information. Once our apps have been discovered, MCAS assigns a risk score based on more than 60 parameters. This risk score is based on each individual app's security mechanisms and compliance regulations. The MCAS catalog is updated frequently and allows us to offer feedback on ratings if ever we see a discrepancy or a gap.
Now once applications have been discovered, administrators can set controls for each app and choose to sanction, think approve, or block apps through policies. You can sanction and block apps in your cloud to align with your corporate standards. And when a policy is enforced, it can quarantine files, remove permissions, block sensitive transactions, and more. You have continuous control by setting and then continually fine-tuning policies. You can use policies in MCAS to define your users' behavior in the cloud.
And you can use these policies also to detect risky behavior, policy violations, or suspicious data points and activities in your cloud environment. If needed, you can use policies to integrate remediation processes to achieve complete risk mitigation. The multiple types of policies correlate to the different types of information you might want to gather about your cloud environment and the types of remediation actions you might want to take. MCAS includes app connectors that take advantage of provider APIs for visibility and governance of apps that you connect to and DLP policy enforcement.
MCAS includes connectors for Office 365, Box, Okta, Google's G Suite, ServiceNow, Salesforce, Dropbox, and Amazon Web Services today. For some apps, it might be necessary to whitelist addresses to enable MCAS to collect logs and provide access for the MCAS console. For each app that you want to connect with the Cloud App Security API integration, Microsoft recommends creating an admin service account dedicated to MCAS.
Ongoing threat protection enables admins to identify anomalies in their cloud environment that could indicate a breach as well as leveraging behavioral analytics to assess risk in each transaction. Cloud App Security can also identify and stop known attack pattern activities originating from risky sources with threat prevention enhanced with the Microsoft threat intelligence capabilities of the Intelligent Security Graph. MCAS is deployed in Azure and fully integrated with Azure ExpressRoute.
All interactions with the MCAS apps and traffic sent to MCAS, including upload of discovery logs, are routed via ExpressRoute public peering for improved latency, performance, and security. There are no configuration steps required from the customer side. Currently, customers licensed for Office 365 E5 get a subset of MCAS functionality as part of their plan. They don't get the automated log collection from on-premises and visibility is limited to productivity-related apps, not the full 13,000 app catalog.
In this course—the third installment in the series—Microsoft MVP Pete Zerger demonstrates how to leverage the Microsoft cybersecurity stack to more effectively protect corporate information—on any device and in any cloud. Pete explains how to use Azure Information Protection (AIP) to protect information, as well as how to secure data on mobile devices. Plus, he covers identifying and controlling shadow IT, securing structured data in Azure, and more.
- Securing information on any device
- What is Azure Information Protection (AIP)?
- Configuring classification and labeling
- Classifying and protecting data in bulk
- Challenges of securing data on mobile devices
- Data loss prevention (DLP) on mobile devices
- Identifying and controlling shadow IT
- Securing collaboration and DLP
- Configuring dynamic data masking
- Protecting Azure SQL with SQL Threat Detection