Cloud Access Security Brokers (CASBs) are a new generation of security solutions that are essential to any modern security strategy. CASBs provide a centralized experience that allows you to apply a standardized set of controls to the apps in your organization. The term Cloud Access Security Broker was first introduced by analyst firm Gartner and has since been one of the fastest growing security categories and is considered one of the top 10 security projects for companies to implement by 2020.

Microsoft Cloud App Security is a CASB that allows you to protect all apps in your organization, including third-party apps across cloud, on-premises, and custom applications. Powered by native integrations with Microsoft’s broader product ecosystem, Cloud App Security delivers state-of-the-art security for multi-cloud environments.

Due to the fast pace of the market, the capability set of CASBs continues to grow, making it increasingly challenging for customers to decide how to get started.

Today, we explore five of the top 20 use cases for CASBs we identified as giving you an immediate return on your investment with very little deployment effort needed before moving on to more advanced scenarios.

Use case #1: Discover all cloud apps and resources used in your organization

No matter where you are in your cloud journey, many of your users likely started leveraging cloud services a long time ago and have stored corporate data in various cloud applications.

A CASB provides you with full visibility over all data stored in sanctioned and connected cloud apps. It gives you deep insights about each file, allowing you to identify if it contains sensitive information, the owner and storage location, as well as the access level of the file. Access levels distinguish between private, internal, externally shared, and publicly shared files, allowing you to quickly identify potentially overexposed files putting sensitive information at risk.

Cloud App Security gives you multiple options to get started with Cloud Discovery. You can leverage firewall logs, an existing Secure Web Gateway, or the unique, single-click enablement via Microsoft Defender Advanced Threat Protection (ATP).

To learn how to get started with app discovery, read Discover and manage shadow IT in your network.

Use case #2: Identify and revoke access to risky OAuth apps

In recent years, OAuth apps have become a popular attack vector for adversaries. Hacker groups such as Fancy Bear have leveraged OAuth apps to trick users into authorizing the use of their corporate credentials, for example by duplicating the UI of a seemingly trustworthy platform.

A CASB enables you to closely monitor which OAuth apps are being authorized against your corporate environment and either manually review them or create policies that automatically revoke access if certain risky criteria are met. Key threat indicators are the combination of an app that has requested a high level of permissions, while having a low community use status, indicating that it’s not commonly found in other organizations and therefore more unlikely to be trustworthy.

Once you’ve enabled app discovery, all you need to do is connect the relevant apps like Office 365, Salesforce, or G-Suite to the service. You’re then alerted when new risky OAuth apps are authorized, so you can start managing them.

To learn more about how to get started with app discovery, read Manage OAuth apps.

Use case #3: Identify compromised user accounts

Identity attacks have increased by more than 300 percent over the past year, making them a key source of compromise and the number one threat vector for organizations.

A CASB learns the behavior of users and other entities in an organization and builds a behavioral profile around them. If an account is compromised and executes activities that differ from the baseline user profile, abnormal behavior detections are raised.

Using built-in and custom anomaly detections, IT is alerted on activities, such as impossible travel, as well as activities from infrequent countries, or the implementation of inbox forwarding rules where emails are automatically forwarded to external email addresses. These alerts allow you to act quickly and quarantine a user account to prevent damage to your organization. All you have to do is connect the relevant apps to Cloud App Security and activate our built-in threat detection policies.

To learn how to get started, read Monitor alerts in Cloud App Security.

Use case #4: Enforce DLP policies for sensitive data stored in your cloud apps

Cloud services such as Office 365 or Slack are key productivity solutions in many organizations today. Consequently, sensitive corporate data is uploaded and shared across them.

For existing data, a CASB solution can help you identify files that contain sensitive information and it provides several remediation options, including removing external sharing permissions, encrypting the file, placing it in admin quarantine, or deleting it if necessary.

Additionally, you can enforce data loss prevention (DLP) policies that scan every file as soon as it’s uploaded to a cloud app, to alert on policy violations and automatically apply data labels and relevant restrictions to protect your information. These policies can be created using advanced techniques such as data identities, regular expressions, OCR, and exact data matching.

To learn how to get started with a centralized DLP strategy across your key apps, read File policies.

Use case #5: Enforce adaptive session controls to manage user actions in real-time

In a cloud-first world, identity has become the new perimeter—protecting access to all your corporate resources at the front door.

Cloud App Security leverages Azure Active Directory (Azure AD) Conditional Access policies to determine a user’s session risk upon sign-in. Based on the risk level associated with a user session, you can enforce adaptive in-session controls that determine which actions a user can carry out and which may be limited or blocked entirely. This seamless identity-based experience ensures the upkeep of productivity, while preventing potentially risky user actions in real-time. The adaptive controls include the prevention of data exfiltration by blocking actions such as download, copy, cut, or print, as well as the prevention of malicious data infiltration to your cloud apps by preventing malicious uploads or pasting text.

You can apply a standardized set of controls to any app in your organizations, whether it’s a cloud app, on-premises app, or a custom application, giving you a consistent set of controls to protect your most sensitive information.

To get started with our built-in templates for inline controls, read Deploy Conditional Access App Control for featured apps.

Starting a CASB project can be daunting given the breadth of capabilities and possibilities of configuration. The five use cases outlined above, and the focus on simple deployment and optimization of UI in Cloud App Security, will ensure that you can make the most of your investment and get started quickly. For more use cases, download our Top 20 CASB use cases e-book.

Learn more and provide feedback

• Download our Top 20 CASB use cases e-book.
• Get started today with a free trial.
• Visit the Cloud App Security website.
• Bookmark the Security blog to keep up with our expert coverage on security matters.

As always, we want to hear from you! If you have any suggestions, questions, or comments, please visit us on our TechCommunity page.

The post Top 5 use cases to help you make the most of your Cloud Access Security Broker appeared first on Microsoft Security Blog.

Today, hundreds of ecosystem apps provide a great way to enhance and customize Teams, but to enable applications and services in an organization, they often need to be reviewed across a wide range of security and compliance criteria.

At Microsoft Build 2019, we announced the app certification program, which will streamline the process of gathering app information related to security, data handling, and compliance practices from our partners powered by Microsoft’s Cloud Access Security Broker and gives customers the ability to review this information in one central location.

App certification program

The goal of the app certification program is to provide customers with a reliable, unified, and publicly accessible cloud app risk assessment catalog via Microsoft AppSource and within the relevant admin portals. At the same time, we give partners the ability to work directly with Microsoft to provide the most up-to-date information about their apps’ security and compliance and certify these apps for business readiness.

In the first stage of this program, we’ll work closely with solution providers of Teams apps to ensure that the information is up to date, and allow them to self-attest their apps against more than 80 risk factors provided by Microsoft Cloud App Security, as well as leverage their security and compliance information submitted in CSA STAR.

In the future, we’ll expand this program beyond Teams to include our entire app ecosystem across Microsoft 365. We’ll also look into opportunities that would allow customers to easily identify apps that can enhance their experience in Teams, while meeting certain security and compliance requirements. A central app certification program could provide developers the ability to receive a “business ready” badge for each app and simplify the selection process for organizations.

Public risk assessment information for Teams apps.

Microsoft Cloud App Security

Microsoft Cloud App Security is a multimode Cloud Access Security Broker (CASB). It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services.

The Microsoft Cloud App Security cloud app catalog is the basis for the new certification program. Today, it includes an extensive and continuously growing catalog of more than 16,000 cloud apps that have each been assessed against more than 80 risk factors spanning security, compliance, and legal frameworks.

Risk assessment information for apps inside of Microsoft Cloud App Security.

Today, the cloud app catalog is kept updated through automated advanced data extraction, continuous analysis by the Microsoft Cloud App Security analyst team, and customer-based revision requests. Going forward, we’ll automatically update the information based on our partners’ self-attestation as they engage in the new app certification program.

The new app certification program provides a transparent way to our customers to review apps and ensure they meet internal security and compliance guidelines before approving them for use in their tenant.

This program is currently in its pilot phase. To assess and manage the risk of using Teams apps, check out the security and compliance content now available via Microsoft Docs.

Selection of the partners currently covered under the app certification program.

The post Ensuring security of your Microsoft Teams apps with Microsoft Cloud App Security appeared first on Microsoft Security Blog.