Shadow IT Assessment & Monitoring with Elastica CloudSOC & Audit

Upload: dangdan

Post on 19-Apr-2018


Page 1: Cloud Services Shadow IT Assessment & Monitoring … IT Assessment & Monitoring ... Analyze Your Cloud Risk Profile ... Feedback Management 2 25 Pluralsight IT Training,

Cloud Services Risk Assessment Report: Shadow IT Analytics & Business Readiness Ratings

November 1, 2014

Based on all data sources from October 1, 2014 to October 31, 2014

Shadow IT Assessment & Monitoring with Elastica CloudSOC™ & Audit


[Figure: Perception vs. Reality. What the IT Dept sees and controls: 40-50 apps. What the IT Dept typically doesn’t see and control: 774 apps. Categories shown: File Sharing, Social & Collaborative, Email & Productivity.]

Use of SaaS and cloud services is growing at a staggering pace, fueled by their ease of adoption, ability to be deployed rapidly, cost benefits, and support for convenient collaboration. While organizations may consciously embrace select cloud applications, others are often introduced by employees in an ad-hoc manner to aid business productivity or for personal applications.

This creates a “Shadow IT” problem for CIOs as they lack visibility into the unsanctioned SaaS app usage within their enterprises. From an infosec standpoint, this lack of visibility creates a risk exposure for the enterprise as the IT department can’t protect what it can’t see. As the movement towards User-centric IT grows, CIOs also need to understand which cloud applications are being adopted by employees and determine if they may be safe for use within the enterprise.


Elastica’s Audit application finds and monitors all the cloud apps being used in your organization and highlights any risks and compliance issues these may pose. Audit is a powerful tool for making intelligent decisions about which cloud apps organizations should embrace and which should be avoided.

Elastica Audit: How The Solution Works

The Elastica Audit application ingests logs from firewalls and other security proxy devices to perform its analysis. In order to meet privacy needs and regulations, customers can also anonymize and compress log information with Elastica’s on-premises virtual appliance SpanVA, prior to log streaming. Logs are processed and results are available in the Elastica CloudSOC Audit App.

Overview

Uncover Shadow IT: Gain visibility into all the cloud apps used within your company and their detailed Business Readiness Ratings™.

Analyze Your Cloud Risk Profile: Get executive reports regarding your organization’s risk profile tailored to your unique requirements.

Make Smart Cloud App Choices: Perform comparisons among alternative cloud apps and continuously monitor usage for compliance enforcement.

[Figure: CloudSOC platform diagram. AUDIT: Shadow IT & Shadow Data Risk. DETECT: intrusions in cloud apps account. PROTECT: against intrusions in cloud apps accounts. INVESTIGATE: incidents & respond. Components shown: StreamIQ™, Business Readiness Rating™, ThreatScore™, ContentIQ™, Securlets™, Elastica Gateway. Input: logs from security devices.]


Features

Shadow IT Risk Assessment

Finds and monitors all cloud applications used in your organization and highlights any risks and compliance issues

Business Readiness Rating

Automatically rates each cloud application discovered in your organization, based on 60+ objective metrics

Risk Categorization

Categorizes your apps into high, medium or low-risk categories


Comparative Analysis

Finds alternatives for high-risk apps (or any app), and performs intuitive side-by-side comparisons

Easy Data Export

analysis and processing

Scheduled Reports

Delivers periodic reports via email to critical stakeholders in the organization

Customized Ratings

Enables customization of criteria weighting, to have ratings uniquely match your organization’s needs

[Figure: criteria weighting options shown: Don’t care, Nice to have, Important, Must have]

Usage Analysis

Reveals how frequently each cloud app is used and by whom, identifying opportunities for streamlining and cost reduction

Identifies “New” apps employees have introduced that may be risky

Advanced Visualization

Quickly zooms into the information you are looking for with easy-to-use filters, pivot views, and time scale adjustments

Cloud Services Risk Assessment Report

Provides a comprehensive report with executive summaries along with a list of discovered services and recommendations

Access Enforcement Policies

Allows remediation at the proxy or firewall through blocking of non-IT approved apps


The Elastica Audit App addresses IT security’s most pressing needs. Some key use cases are:

As a security admin, I’d like to identify SaaS apps that can pose a risk to my company – apps discovered in my organization that lack tighter security controls, users of these apps, and other usage details.

With the Elastica Audit App, you can quickly identify risky services that your employees have adopted or started using recently, as well as identify the employees using these services. Moreover, you can discover why each app is risky, as measured against 60+ objective security attributes.

The Elastica CloudSOC Audit application analyzes your company’s proxy and firewall logs to provide an executive summary and identify the cloud services in use. Along with several prioritized views such as “most risky services” and “most used services”, you can instantly generate a cloud service risk assessment report that will provide deeper insights into risks and usage, and monitor their trends over time.

We are a global company with 40,000

of the world. As a CISO/CIO, I have little visibility into the scale and impact of Shadow IT and need to know which SaaS services are being used in my company.

[Screenshot: Audit app, Summary tab (tabs: Summary, Services, Users, Destinations), 1 Month view for December 1, 2014 - December 31, 2014, with a Generate Audit Report control. Panels shown: Your Audit Score (with Access, Service, Informational, Data, Compliance, Business and Administrative sub-scores), SaaS Services, Top Risky Services (each listed with category and user count), Top Users, and Destinations (each listed with sessions and data volume).]

189 out of 421 services (45%) are at medium or higher risk

NEW SERVICES: 18 of these services (10%) are new services

USERS: 1,189 of 2,230 users (53%) use these services

CATEGORIES: 7 of 14 categories (50%) belong to these services

DATA UPLOAD: 45GB of 241GB uploads (19%) to these services

DATA DOWNLOAD: 128GB of 609GB downloads (21%) from these services

SESSIONS: 138,000 of 431,250 sessions (32%) are by these services

DESTINATIONS: 3 of 30 destinations (10%) host these services

MOST USED SERVICES: 54 of these services (29%) are used by at least 20% of users


Now that I’ve identified the unsanctioned cloud apps in my organization, how can I take action to block them?

With Elastica CloudSOC, you can block unapproved cloud services discovered using the Elastica Audit App while letting employees use apps that meet internal security guidelines. With this solution, you can embrace Shadow IT and adapt to your employees’ and business unit needs.

Elastica’s research team has analyzed thousands of cloud apps using 60+ objective information security attributes. You can modify the prioritized weighting of these attributes to match your organization’s internal security requirements (e.g., critical feature vs nice to have), or use the default settings. A “Business Readiness Rating” is then computed and assigned to each cloud service. Each service is also mapped to respective categories such as file sharing or CRM. The “Compare Services” feature in the Elastica Audit App allows side-by-side comparisons and dramatically reduces the CSP vendor evaluation time.

Our business units are adopting cloud services to automate their processes. Evaluation of the cloud service providers (CSPs) they are using is a time-consuming activity which involves collection of many data points and performing risk assessments of the services. Is there an easier way?

[Screenshot: Protect app, Policies tab (tabs: Policies, Blocks, Alerts, ContentIQ), listing policies by Policy Name with columns Services, Users, Content Types, ThreatScore, Rules and Response Actions. Policy types shown include ThreatScore/Incident, File Exposure, Access Enforcement, File Sharing–Gateway and File Transfer–Gateway.]

[Screenshot: Compare Services view, a side-by-side Service Comparison of ZingDrive, OneDrive, ShareFile and Box across Access attributes: Federated Identity Management (OAuth, SAML and OpenID support), Multi-factor Authentication (via SMS, USB Token, Smartcard, secondary email, Mobile App), CAPTCHA use, protection from multiple failed logins, and Account Lockout.]


You can identify discovered SaaS services by category and monitor adoption of these services. By comparing these services across attributes that matter to your organization, your IT team can be well-informed in making recommendations to business units for potential alternative apps. This data can also be used to facilitate the consolidation of multiple accounts with the same SaaS provider into a single account to achieve better discounts and reduce IT complexity.

I’m concerned that we are wasting money, with many disparate groups using a variety of cloud apps to provide similar functions. Is there a way to identify this

agreements, trim business costs, and simplify IT management?

provide advanced security functionality for specific cloud apps such as Box, Google Drive, and Office 365. You can protect corporate assets stored in these apps by detecting and remediating risky exposures including those related to personally identifiable information (PII), Payment Card Information (PCI), Protected Health Information (PHI), source code, financial, or other sensitive types of data. Elastica Securlets also detect malicious user activity, and provide policies and controls to prevent data leakage.

me deeper insights into an individual SaaS app such as Box? I’m specifically concerned about the 10 million files and 50,000 folders I have stored in it. How do I know which users are at highest risk for exposing sensitive content?

[Screenshot: Audit app, Services tab (tabs: Summary, Services, Users, Destinations), 1 Month view for DEC 22, 2014 - JAN 20, 2015, showing daily counts. The services table has columns Rating, Name, Sessions, Users, Destinations, Platform and Avg Duration, with an EXPORT CSV control. Services shown include Google AdSense, Amazon S3, Bitdefender, Dropbox, GitHub, Cyfe, Amazon Cloudfront, Amazon Web Services and Liverail, each with its category.]

[Screenshot: Securlet for Box (tabs: Exposed Files, Exposed Users, Other Risks, Activities), showing exposure counts (Public, External, Internal), Risk Type filters (PCI, PII, HIPAA, Source Code, Virus/Malware, On-prem DLP, Encrypted/Compressed) and Content Type filters (Computing, Business, Engineering, Health, Legal, Design Doc). The file table has columns Document, Owner, Activity Count, Risks, ContentIQ, Exposures and Size, with an EXPORT CSV control.]


Audit shadow IT

Detect threats

Protect data

Investigate transactions

Data Science Powered™ Cloud App Security

Elastica is the leader in Data Science Powered™ Cloud Application Security. Its CloudSOC™ platform empowers companies to confidently leverage cloud applications and services while staying safe, secure and compliant. A range of Elastica Security Apps deployed on the extensible CloudSOC™ platform deliver the full life cycle of cloud application security, including auditing of shadow IT, real-time detection of intrusions and threats, protection against intrusions and compliance violations, and investigation of historical account activity for post-incident analysis.

3055 Olin Avenue, Suite 2000, San Jose, CA 95128

elastica.net