Today, data travels to many locations - across devices, apps, cloud services, and on-premises. It’s never been more important to gain visibility and control of data used by cloud applications, given the increasing number of cybersecurity attacks and regulatory compliance requirements.
What is MCAS
MCAS is a multimode Cloud Access Security Broker (CASB). It gives you rich visibility, enables you to control how your data travels, and provides sophisticated analytics to identify and combat cyber threats – across all of your cloud services. It helps you discover, protect and respond to threats.
By definition, CASB provides security and monitoring of activity between users and cloud applications and enforces data security policies. A CASB may deliver security, the management or both, "security" is the prevention of high-risk events, whilst "management" is the monitoring and mitigation of high-risk events.
Why does a managed service provider need MCAS
The capability CASB provides to a Managed Service Provider is profound, and in an industry increasingly driven by security, it offers partners the ability to differentiate. Partners can open up new market verticals, win bigger deals and upsell to existing customers to drive the bottom line.
Get control in the cloud - Mitigate risk by setting policies and alerts in order to achieve maximum control over network cloud traffic and migrate your users to safe, sanctioned cloud app alternatives.
Investigate your cloud apps - Use cloud forensics tools to deep dive into risky apps, specific users, and files in your network. Find patterns in the data collected from your cloud and generate reports to monitor your cloud.
Uncover shadow IT - Gain visibility by discovering apps, activities, users, data, and files in your cloud environment as well as third-party apps that are connected to your cloud.
Protect your data - Use Cloud App Security to sanction/un-sanction applications, enforce data loss prevention (DLP), control permissions and sharing, and generate custom reports and alerts.
Why does a customer need MCAS
Customers need to stay productive and efficient without worrying about how or where they’re working. MCAS allows customers to remain agile and flexible in their approach to their workforce and day-to-day business, without needing intrusive or complex systems.
By consuming MCAS, customers work with the freedom they need to maximise their output, even if they start using new cloud services without telling their IT service partner.
How Cloud App Security works?
Microsoft Cloud App Security gives you visibility into all the files from your connected apps. After you connect Microsoft Cloud App Security to an app using the App connector, Microsoft Cloud App Security scans all the files, for example, all the files stored in OneDrive and Salesforce. Then, Cloud App Security rescans each file every time it’s modified.
The Below diagram depicts the complete life cycle of Microsoft Cloud App Security deployment:
Phase 1: Discover and identify Shadow IT
Discover Shadow IT: Identify your organization's security posture by running Cloud Discovery in your organization to see what's actually happening in your network. MCAS integrates with Microsoft Defender ATP and third-party proxies including zscaler.
Identify the risk levels of your apps: Identify the risk levels of your apps: Use the Cloud App Security cloud app catalog to dive deeper into the risks that are involved with each discovered apps. Cloud App Security's risk catalogue includes over 16,000 apps that are assessed using over 70 risk factors.
Phase 2: Evaluate and analyse
Evaluate compliance: Check whether the apps are certified as compliant with your organization's standards, such as HIPAA, SOC2, GDPR.
Analyse usage: Understand the usage patterns and identify high risk of volume users
Phase 3 Manage your apps:
Manage cloud apps: Cloud App Security helps you with the process for managing app use in your organization. By creating new custom app tags in order to classify each app according to its business status or justification.
Continuous monitoring: by setting up policies that monitor the apps and provide control where needed.
Phase 4: Control sanctioned apps
- To enable app control via APIs, connect apps via API.(enable-instant-visibility-protection-and-governance-actions-for-your-apps.md) for continuous monitoring.
- Protect apps using Conditional Access App Control.
What’s new with Cloud app security?
Released June 23, 2019
- Deploy Conditional Access App Control for any app
We are excited to announce that we have expanded our support for Conditional Access App Control to any web app, in addition to the rich support we already offer for our featured applications. This new capability allows you to deploy any web app to work with session and access policies, enabling powerful real-time monitoring and control. For example, you can protect downloads with Azure Information Protection labels, block the upload of sensitive documents, providing auditing, among many others.
- Portal activity auditing
Cloud App Security audits all admin activity in the portal to provide you with comprehensive monitoring and investigation of activities performed. Now you can also export up to 90 days of activities for further investigation and analysis, for example, auditing of an admin investigating a specific user or viewing specific alerts. To export the log, go to the Manage admin access settings page.
- Custom session sign out from Cloud App Security portal
You can now configure automatic sign out of admin sessions to the portal that is idle for longer than a specified period.
Who is entitled to the service?
- Licensed users of Microsoft Cloud App Security standalone, EMS E5, M365 E5 and M365 E5 Security are entitled to receive the benefits of Microsoft Cloud App Security.
- Azure AD P1 licensed users are entitled to leverage the Discovery capabilities in Microsoft Cloud App Security.
- To be able to leverage Conditional Access App Control capabilities in Microsoft Cloud App Security, users additionally require to be licensed for Azure Active Directory P1, which is included in EMS E3, EMS E5, M365 E3, M365 E5, and M365 E5 Security.
- For automatic labelling, users are required to be licensed for Azure Information Protection P2, which is included in EMS E5, M365 E5, and M365 E5 Compliance.
For more information, please refer to the Microsoft Cloud App Security licensing guide at www.aka.ms/mcaslicensing
Some great videos :
If you’d like to discuss MCAS or how Microsoft 365 offers great services, contact us at https://rhipe.co.jp/
This blog is brought to you by rhipe's Cloud Enablement Specialist Alaa Rahal.