Locking down Shadow IT with Microsoft Cloud App Security

Max Fritz, Solutions Architect, SADA Systems (@theCloudSherpa)

#ITDEVCONNECTIONS | ITDEVCONNECTIONS.COM

Post on 17-Jan-2020

Max Fritz

Solutions Architect, SADA Systems

MCSA Office 365, MCSE Productivity

Founder/Leader of Minnesota Office 365 User Group

Working with Microsoft Cloud for over 8 years

Focus in EM+S and Exchange

Contact Details

Email : [email protected]

Twitter : @TheCloudSherpa

Blog: maxafritz.com

LinkedIn : in/maxafritz

A Glance at SADA

ABOUT US

▪ Founded in 2000

▪ HQ in Los Angeles, Washington D.C.

▪ One of Microsoft’s 1st Partners for Office 365

▪ One of Microsoft’s 1st Cloud Accelerate Partners worldwide

▪ Microsoft National Solutions Provider

▪ One of Microsoft’s 1st Cloud Solutions Providers (BETA)

PRODUCTS

▪ Microsoft 365

▪ Office 365

▪ Azure

▪ Skype for Business + Teams

▪ Dynamics 365

▪ EMS

▪ SharePoint Online

▪ Power BI

OUR SOLUTIONS & EXPERTISE

▪ Business Applications

▪ Apps & Infrastructure

▪ Modern Workplace

▪ Data & AI

25M+ Users Migrated

10K+ Workloads Migrated

3000+ Clients Served

3300+ Projects Completed

SADA Services

Full service consultancy applying expertise and experience through your organization

Technical Consulting, Business Consulting

▪ Modernization

▪ Data Assessment

▪ Business Alignment

▪ Infrastructure

▪ Data Management & Analytics

▪ Portals

▪ Productivity

▪ Intelligent Communications

▪ Change Management

▪ Delivery Leadership

▪ Managed Services

▪ Value Envisioning

What are we talking about today?

• Shadow IT

• Microsoft Cloud App Security

What is a CASB?

Cloud Access Security Broker

A cloud access security broker (CASB) is a software tool or service that sits between an organization's on-premises infrastructure and a cloud provider's infrastructure.

Acts as a gatekeeper, allowing the organization to extend the reach of their security policies beyond their own infrastructure.

Top CASB Use Cases

What is Microsoft Cloud App Security

• Cloud hosted tools to combat shadow IT

• Provide better visibility into usage of cloud applications across your organization

• Provide the ability to control application usage, sometimes even at the file level

• Manage compliance and security

• Both are built on the same engine, acquired from Adallom

• All data stored in Azure (no Azure subscription required)

So what’s the whole point?

Shadow IT

• Users are constantly using the tools that they find easiest and most available.

• Impossible challenge for IT as the content stored in these tools represents a security and compliance risk.

• The risk is ever more present in a cloud-first and mobile-first world.

• We need a way to audit the use of unapproved applications and mitigate the risks.

There are 4 types of Shadow IT users

The nefarious leaker

• I’m going to store data secretly so you can’t track me!

The productive backstabber

• I’m going behind your back and I’m going to use what I want!

The productive innocent

• I want to do this function and I didn’t know any better

The rogue manager

• I’m going to buy this and you have to deal with it. Because I can

There are 3 types of Shadow IT responses

The jailkeep

• You’re getting reported and this is getting blocked!

The teacher & helper

• Let’s help you find a suitable replacement and avoid this in the future

The absorber

• Nothing I can do to stop you, so I’ll just have to keep taking on more

How do we in IT reach these users effectively?

What parts of MCAS can we use for these responses?

The jailkeep

• Discover

• Analyze

• Report*

• Monitor

The teacher & helper

• Discover

• Educate*

• Manage

The absorber

• Discover

• Identify risk

• Evaluate compliance

• Manage

Shadow IT Discovery Lifecycle with MCAS

Discovery

Shadow IT discovery

• Discover cloud apps in use

• Investigate users & source usage

• [Un]sanction and “protect”

Risk Assessment

• Risk scoring by Microsoft for over 13k apps

• Based on security & compliance risk factors

Alerting

• Anomalous usage reports/alerts

• New apps and trending apps alerts

Information Protection

Gain Visibility

• Visibility to sharing level

• Quantify exposure and risk

• Detect and manage

Enforce DLP

• Govern data with DLP

• Can use MS or 3rd party DLP engines

• Control sharing by detection

Alerting

• Identify policy violations

• Investigate incidents

• Quarantine & remove permissions

Threat Detection

Behavioral Analytics

• Support sharing level and classification labels

• Quantify exposure and risk

• Detect and manage 3rd party apps access

Enforce DLP

• Advanced incident investigation tools

• Pivot on users, file, activities and locations

• Customize detections based on your findings

Session Control

Context-aware session policies

• Control access to cloud apps based on user, location, device and app

• Supports any SSO, any SAML-based app, any OS

Limit sessions of unmanaged devices

• Enforce browser-based “view only” mode for risky sessions

• Limit access to sensitive data

How Microsoft Cloud App Security Works

Architecture and how it works

[Diagram labels: Your organization from any location; Firewalls; Proxies; Cloud traffic; Cloud traffic logs; Cloud discovery; App connectors; API; Protected; Cloud apps; Cloud App Security; Proxy access + Session]

Discovery

• Use traffic logs to discover and analyze which cloud apps are in use

• Manually or automatically upload log files for analysis from your firewalls and proxies

Sanctioning and un-sanctioning

• Sanction or block apps in your organization using the cloud app catalog

App connectors

• Leverage APIs provided by various cloud app providers

Conditional Access

• Real-time visibility and control over access to and activities performed within your cloud environment
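
The Discovery step above, as an added Python example (not code from the presentation or from Microsoft): it aggregates proxy log lines per cloud app and lists the unsanctioned, low-scoring apps by upload volume. The log layout, catalog entries, risk scores and app names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed proxy log: timestamp user src_ip dest_host bytes_up bytes_down
SAMPLE_LOG = """\
2018-10-16T09:01:12Z alice 10.0.4.21 contoso.sharepoint.com 5120 88211
2018-10-16T09:03:40Z bob 10.0.4.37 www.filedrop.example 73400320 1204
2018-10-16T09:04:02Z bob 10.0.4.37 api.filedrop.example 52428800 990
2018-10-16T09:07:55Z carol 10.0.5.12 notes.quickpad.example 20480 40112
2018-10-16T09:08:30Z carol 10.0.5.12
2018-10-16T09:09:31Z alice 10.0.4.21 www.filedrop.example 1048576 2210
2018-10-16T09:12:10Z dave 10.0.5.80 intranet.corp.example 900 15000
"""

# Hypothetical catalog: domain suffix -> (app, risk score 0-10, 10 = lowest risk)
CATALOG = {
    "sharepoint.com": ("SharePoint Online", 10),
    "filedrop.example": ("FileDrop", 3),
    "quickpad.example": ("QuickPad", 6),
}
SANCTIONED = {"SharePoint Online"}  # assumption: apps IT has approved

def match_app(host):
    """Match on whole DNS labels so 'evilsharepoint.com' is not SharePoint."""
    labels = host.lower().rstrip(".").split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((CATALOG[s] for s in suffixes if s in CATALOG), None)

def discover(log_text):
    """Return ({app: usage}, skipped_line_count) aggregated from proxy log lines."""
    apps = defaultdict(lambda: {"users": set(), "bytes_up": 0})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[4].isdigit():
            skipped += 1  # counted so gaps in log collection stay visible
            continue
        _, user, _, host, up, _ = parts
        if hit := match_app(host):  # hosts outside the catalog are ignored
            apps[hit[0]]["users"].add(user)
            apps[hit[0]]["bytes_up"] += int(up)
    return dict(apps), skipped

def unsanctioned(apps, max_score=5):
    """Unsanctioned apps scoring <= max_score, largest upload volume first."""
    score = dict(CATALOG.values())
    rows = [(n, sorted(u["users"]), u["bytes_up"]) for n, u in apps.items()
            if n not in SANCTIONED and score[n] <= max_score]
    return sorted(rows, key=lambda r: -r[2])
```

Calling `unsanctioned(discover(SAMPLE_LOG)[0])` returns the FileDrop row with its two users and total upload bytes; the skipped-line count shows how much of the log could not be parsed.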

How Alerting Works

Anomaly Detection Architecture

Files and Data Control Architecture

MCAS Cloud Discovery architecture

[Diagram labels: Firewall/Proxy; Log collector; User; IP address; Machine; Cloud App Security portal; Shadow IT; Windows Defender ATP]

Deploy Cloud App Security in 4 simple steps

• Set up a tenant

• Upload discovery logs

• Connect a sanctioned SaaS app

• Configure initial policies

Demo

Questions?

Thank you!

Email : [email protected]

Twitter : @TheCloudSherpa

Blog: maxafritz.com

LinkedIn : in/maxafritz