Monitor and Manage your Cloud Applications - Cloud App Security and Cloud App Discovery
March 21, 2017
As we mentioned in the last blog about Single Sign On for Cloud Apps, the number of cloud-based applications is growing exponentially. As a result, it is almost a certainty many of your users are trying out these new programs. While many of these applications may improve efficiency, others can be a significant time or productivity waste. For either type of application, if it is not company approved, it can be a security hole when company content is stored in the application. So how do you find these applications in your environment and help bring them under control? EMS has two solutions for you – Cloud App Security and Cloud App Discovery.
What is Cloud App Security?
Cloud App Security is part of the EMS E5 suite, which is a network-based utility that collects information from any edge device (firewall, proxy, web filter, etc.), as well as services such as Office 365, and analyzes it to determine what cloud-based services are in use. Whether it is by IP or by web address, Cloud App Security can backtrack thousands of cloud applications and identify how much they are being accessed. With the included reporting options, this information can then be filtered down to users and groups to make it easier to identify questionable applications. In addition, Microsoft provides recommended scores for each cloud app it identifies so, even if you have never heard of it before, you can determine if it is a useful and secure app or one that might present a risk to you moving forward.
Identification, however, is not always enough. With Cloud App Security, you can also create policies to control access to applications. Whether it is an add-on application to Office 365 or a Salesforce component, Cloud App Security can help restrict access to ensure your users are protected.
Have a lot of remote users who aren’t behind your firewall?
Cloud App Discovery is for you! For organizations with a mobile workforce, Cloud App Discovery is your answer. While it does not have the full suite of features available in Cloud App Security, App Discovery is agent-based and so it can be run on any machine from any Internet connection. Just like Cloud App Security, the goal of App Discovery is to review and report on any cloud applications in use on the workstation. It does this by monitoring all browser traffic on the machine and correlating it to back to the cloud applications. All of this information is then sent back to Azure AD giving you a clear picture of the cloud applications active in your organization. At this time, Cloud App Discovery is only a monitoring tool, but as it is a part of the E3 suite (and a component of Azure AD Premium) it is also a tool that anyone with EMS can employ.
In our next blog, we round out the features of Azure AD Premium and discuss Risk Based Conditional Access and Privileged Identity Management.