Shadow IT Discovery: 3-day Implementation

For Shadow IT Discovery, we use the capabilities of Microsoft Cloud App Security, which have been expanded to also allow monitoring of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) resources in Azure.

Combined with the power of unique capabilities within the Azure Microsoft cloud, we will carefully evaluate your firewall logs to discover exactly what cloud-based applications are being used. We will then present this information back to you at a high-level. We will engage with your users and organization to mitigate the use of these apps and services within Azure and educate users on how to use sanctioned apps and services.

Description of Activities

Discover which cloud apps people are using.

• Gain visibility into sanctioned apps - activities and data.
• Shape your cloud environment via API.
• Enforce access control.
• Enforce session limitations.

DAY 1

Review concepts of Shadow IT:

• Gain insight into current customer environment.
• Establish understanding of current Shadow IT scenarios/risks/threats.
• Review Cloud App Security Dashboard and expected outcome of POC.
• Determine levels of technical integration (Automated log upload over three-week period of one time upload of logs covering similar time).
• Create understanding around sanctioned vs. unsanctioned applications.

Technical Set Up:

• Understand additional security elements such as IAM and DLP tools currently in place (Proxy Gateways, AV, Firewalls including versioning etc.).
• Customer to ensure access to Logs from Proxy and Firewalls for upload to CAS tool.

DAY 2

Log upload and analysis followed by onsite workshop. Review output including but not limited to;

• Risk Score
• Open Alerts
• Key Findings
• Customization
• Possible Policy build

DAY 3

Recommendations for next steps for automated discovery & app connectors.

• Review and consider operational model – run effort or managed service.