Investigate Shadow IT with Microsoft Cloud App Security
Articles Blog

Investigate Shadow IT with Microsoft Cloud App Security

October 29, 2019


Kim Kischel: In this video, we’re going to discuss how the different cloud discovery views in the Microsoft Cloud App Security Portal can be used to investigate the use of shadow IT across your organization. Once continuous log collection is successfully configured, you can start discovering all cloud apps used in your organization, identify potential security and compliance risks, and act on them. So, let’s take a look. Go to the Microsoft Cloud App Security Portal and select cloud discovery dashboard from the navigation bar on the left. The cloud discover dashboard provides an overview of cloud apps and services across your organization. Here, you can see the total amount of discovered apps, IP address, users, and machines who are accessing cloud applications, as well as the total incoming and outgoing traffic. In the sections below, you get an overview of the top app categories and specific apps that are in use. And to the right, you can see a breakdown of your traffic into low, medium, and high risk. Now, let’s take a closer look at the discovered apps tab. For many organizations, cloud storage apps are a concern. Employees use apps that are not approved by IT to share large files or store sensitive information for ease of access. Select the cloud storage category. We can see that 40 cloud storage apps have been discovered in this environment. Now, you can use the filters at the top to narrow and prioritize your investigation based on certain risk factors that matter most to your organization, including the overall risk score, specific compliance factors, or security factors. In this case, we’re mostly interested in apps considered high risk, s owe will narrow our search to apps with the risk score of three or lower. The risk score is determined by Microsoft Cloud App Security based on more than 80 different factors, including security, compliance, and legal factors. We can now see that the app Mega is getting a lot of traffic. To better understand the scoring, we can take a look at the risk factors. Mega is missing critical compliance standards, such as ISO 27001. Given the risk of this app, we will tag it as under review. To better understand who is using the app, continue the investigation by clicking on the app name. You now get a detailed view that includes users, machines, and traffic patterns. This information will allow you to contact relevant users to better understand their needs and educate them on IT approved se3rs with similar functionality.

Leave a Reply

Your email address will not be published. Required fields are marked *