#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM
Locking down Shadow IT
With Microsoft Cloud App Security
Max Fritz
Solutions Architect, SADA Systems
@theCloudSherpa
Max Fritz
Solutions Architect, SADA Systems
MCSA Office 365, MCSE Productivity
Founder/Leader of Minnesota Office 365 User Group
Working with Microsoft Cloud for over 8 years
Focus in EM+S and Exchange
Contact Details
Email : [email protected]
Twitter : @TheCloudSherpa
Blog: maxafritz.com
LinkedIn : in/maxafritz
A Glance at SADA
ABOUT US
▪ Founded in 2000
▪ HQ in Los Angeles, Washington D.C.
▪ One of Microsoft’s 1st Partners for Office 365
▪ One of Microsoft’s 1st Cloud Accelerate Partners worldwide
▪ Microsoft National Solutions Provider
▪ One of Microsoft’s 1st Cloud Solutions Providers (BETA)
PRODUCTS
▪ Microsoft 365
▪ Office 365
▪ Azure
▪ Skype for Business + Teams
▪ Dynamics 365
▪ EMS
▪ SharePoint Online
▪ Power BI
OUR SOLUTIONS & EXPERTISE
▪ Business Applications
▪ Apps & Infrastructure
▪ Modern Workplace
▪ Data & AI
25M+ Users Migrated
10K+ Workloads Migrated
3000+ Clients Served
3300+ Projects Completed
SADA Services
Full service consultancy applying expertise and experience through your organization
Technical Consulting / Business Consulting
▪ MODERNIZATION
▪ DATA ASSESSMENT
▪ BUSINESS ALIGNMENT
▪ INFRASTRUCTURE
▪ DATA MANAGEMENT & ANALYTICS
▪ PORTALS
▪ PRODUCTIVITY
▪ INTELLIGENT COMMUNICATIONS
▪ CHANGE MANAGEMENT
▪ DELIVERY LEADERSHIP
▪ MANAGED SERVICES
▪ VALUE ENVISIONING
What are we talking about today?
Shadow IT
Microsoft Cloud App Security
What is a CASB?
Cloud Access Security Broker
A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.
It acts as a gatekeeper, allowing the organization to extend the reach of its security policies beyond its own infrastructure.
What is Microsoft Cloud App Security?
• Cloud hosted tools to combat shadow IT
• Provide better visibility into usage of cloud applications across your organization
• Provide the ability to control application usage, sometimes even at the file level
• Manage compliance and security
• Both are built on the same engine, acquired from Adallom
• All data stored in Azure (no Azure subscription required)
So what’s the whole point?
Shadow IT
• Users are constantly using the tools that they find easiest and most available.
• Impossible challenge for IT as the content stored in these tools represents a security and compliance risk.
• The risk is ever more present in a cloud- and mobile-first world.
• We need a way to audit the use of unapproved applications and mitigate the risks.
There are 4 types of Shadow IT users
The nefarious leaker
• I’m going to store data secretly so you can’t track me!
The productive backstabber
• I’m going behind your back and I’m going to use what I want!
The productive innocent
• I want to do this function and I didn’t know any better
The rogue manager
• I’m going to buy this and you have to deal with it. Because I can
There are 3 types of Shadow IT responses
The jailkeep
• You’re getting reported and this is getting blocked!
The teacher & helper
• Let’s help you find a suitable replacement and avoid this in the future
The absorber
• Nothing I can do to stop you, so I’ll just have to keep taking on more
What parts of MCAS can we use for these responses?
The jailkeep
• Discover
• Analyze
• Report*
• Monitor
The teacher & helper
• Discover
• Educate*
• Manage
The absorber
• Discover
• Identify risk
• Evaluate compliance
• Manage
Discovery
Shadow IT discovery
• Discover cloud apps in use
• Investigate users & source usage
• [Un]sanction and “protect”
Risk Assessment
• Risk scoring by Microsoft for over 13k apps
• Based on security & compliance risk factors
Alerting
• Anomalous usage reports/alerts
• New apps and trending apps alerts
Information Protection
Gain Visibility
• Visibility to sharing level
• Quantify exposure and risk
• Detect and manage
Enforce DLP
• Govern data with DLP
• Can use MS or 3rd party DLP engines
• Control sharing by detection
Alerting
• Identify policy violations
• Investigate incidents
• Quarantine & remove permissions
Threat Detection
Behavioral Analytics
• Support sharing level and classification labels
• Quantify exposure and risk
• Detect and manage 3rd party apps access
Enforce DLP
• Advanced incident investigation tools
• Pivot on users, file, activities and locations
• Customize detections based on your findings
Session Control
Context-aware session policies
• Control access to cloud apps based on user, location, device and app
• Supports any SSO, any SAML-based app, any OS
Limit sessions of unmanaged devices
• Enforce browser-based “view only” mode for risky sessions
• Limit access to sensitive data
How Microsoft Cloud App Security Works
Architecture and how it works
Diagram labels: Your organization from any location; Firewalls; Proxies; Cloud traffic; Cloud traffic logs; Cloud discovery; App connectors; API; Protected cloud apps; Cloud App Security
Discovery
• Use traffic logs to discover and analyze which cloud apps are in use
• Manually or automatically upload log files for analysis from your firewalls and proxies
Sanctioning and un-sanctioning
• Sanction or block apps in your organization using the cloud app catalog
App connectors
• Leverage APIs provided by various cloud app providers
Conditional Access
• Real-time visibility and control over access to and activities performed within your cloud environment
Proxy access + Session
MCAS Cloud Discovery architecture
Diagram labels: Firewall/Proxy; Log collector; User; IP address; Machine; Cloud App Security portal; Shadow IT; Windows Defender ATP
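The discovery step on the two architecture slides above (firewall and proxy traffic logs analyzed to find which cloud apps are in use) can be illustrated in Python. This is an added example, not part of the slides and not how Cloud App Security is implemented; the log format, catalog entries, risk scores and all names are constructed assumptions.

```python
import re

# Constructed catalog (illustrative, not the Cloud App Security catalog):
# domain -> (app name, sanctioned?, risk score 1-10)
CATALOG = {
    "sharepoint.com": ("SharePoint Online", True, 10),
    "dropbox.com": ("Dropbox", False, 7),
    "filedrop.example": ("FileDrop", False, 3),
}

# Constructed proxy log: timestamp user src_ip method host:port status bytes_up bytes_down
SAMPLE_LOG = """\
2018-10-16T09:01:12Z alice 10.0.4.21 CONNECT contoso.sharepoint.com:443 200 18234 90211
2018-10-16T09:03:40Z bob 10.0.4.37 CONNECT www.dropbox.com:443 200 5242880 1024
2018-10-16T09:04:02Z bob 10.0.4.37 CONNECT api.filedrop.example:443 200 73400320 2048
2018-10-16T09:05:19Z carol 10.0.7.5 CONNECT www.dropbox.com:443 200 1048576 4096
2018-10-16T09:06:00Z carol 10.0.7.5 CONNECT notdropbox.com:443 200 900 300
malformed line from a rotated log
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) ([^\s:]+)(?::\d+)? (\d{3}) (\d+) (\d+)$")

def lookup_app(host):
    """Match on whole DNS labels so notdropbox.com is not counted as Dropbox."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        if (entry := CATALOG.get(".".join(labels[i:]))):
            return entry
    return (host.lower(), False, None)  # uncatalogued: report under its hostname

def discover(log_text):
    """Return (unsanctioned app usage sorted by upload volume, count of skipped lines)."""
    usage, skipped = {}, 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count unparsable lines rather than dropping them silently
            continue
        _, user, _, _, host, _, up, _ = m.groups()
        name, sanctioned, risk = lookup_app(host)
        if not sanctioned:
            rec = usage.setdefault(name, {"users": set(), "bytes_up": 0, "risk": risk})
            rec["users"].add(user)
            rec["bytes_up"] += int(up)
    return sorted(usage.items(), key=lambda kv: -kv[1]["bytes_up"]), skipped

if __name__ == "__main__":
    for name, rec in discover(SAMPLE_LOG)[0]:
        print(name, rec["risk"], sorted(rec["users"]), rec["bytes_up"])
```

Hosts that match no catalog entry are kept in the report with no risk score, since uncatalogued destinations are exactly what a discovery pass is meant to surface.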
Deploy Cloud App Security in 4 simple steps
• Set up a tenant
• Upload discovery logs
• Connect a sanctioned SaaS app
• Configure initial policies
Thank you!
Email : [email protected]
Twitter : @TheCloudSherpa
Blog: maxafritz.com
LinkedIn : in/maxafritz