Assessment & Monitoring

Transcription

1 Cloud Services Shadow IT Risk Assessment Report Assessment & Monitoring Shadow IT Analytics & Business Readiness Ratings with Elastica CloudSOC & Audit November, 204 Based on all data sources from October, 204 to October, 204

2 Use of SaaS and cloud services is growing at a staggering pace, fueled by their ease of adoption, ability to be deployed rapidly, cost benefits, and support for convenient collaboration. While organizations may consciously embrace select cloud applications, others are often introduced by employees in an adhoc manner to aid business productivity or for personal applications. This creates a Shadow IT problem for CIOs as they lack visibility into the unsanctioned SaaS app usage within their enterprises. From an infosec standpoint, this lack of visibility creates a risk exposure for the enterprise as the IT department can t protect what it can t see. As the movement towards UserCentric IT grows, CIOs also need to understand which cloud applications are being adopted by employees and determine if they may be safe for use within the enterprise. PERCEPTION REALITY 4050 apps 774 apps Social & Collaborative & Productivity File Sharing What the IT Dept sees and controls What the IT Dept typically doesn t see and control 2

3 Overview Elastica s Audit application finds and monitors all the cloud applications being used in your organization and highlights any risks and compliance issues these may pose. Audit is a powerful tool for making intelligent decisions about which cloud applications organizations should embrace and which should be avoided. Uncover Shadow IT Gain visibility into all the cloud apps used within your company and their detailed Business Readiness Ratings. Analyze Your Cloud Risk Profile Get executive reports regarding your organization s risk profile tailored to your unique requirements. Make Smart Cloud App Choices Perform comparisons among alternative cloud apps and continuously monitor usage for compliance enforcement. Elastica Audit How The Solution Works The Elastica Audit app ingests logs from firewalls and other security proxy devices to perform its analysis. In order to meet privacy needs and regulations, customers can also anonymize and compress log information with Elastica s onpremise virtual appliance SpanVA, prior to log streaming. Logs are processed and results are available in the Elastica CloudSOC Audit App. Securlets Cloud App Traffic Elastica Gateway Logs from Security Devices AUDIT Shadow IT & Shadow Data Risk Business Readiness Rating DETECT Intrusions in cloud apps account StreamIQ ThreatScore PROTECT against intrusions in cloud apps accounts ContentIQ INVESTIGATE incidents & respond

4 Features Shadow IT Risk Assessment Finds and monitors all cloud applications used in your organization and highlights any risks and compliance issues 86 Business Readiness Rating Automatically rates each cloud application discovered in your organization, based on 60+ objective metrics Don t care Must have Nice to have Important Customized Ratings Enables customization of criteria weighting, to have ratings uniquely match your organization s needs Risk Categorization Categorizes your apps into high, medium or low risk categories Zing Drive Usage Analysis Reveals how frequently each cloud app is used and by whom, identifying opportunities for streamlining and cost reduction Identifies New apps employees have introduced that may be risky Zing Drive Box Google Drive Comparative Analysis Finds alternatives for highrisk apps (or any app), and performs intuitive sidebyside comparisons Advanced Visualization Quickly zooms into the information you are looking for with easytouse filters, pivot views, and time scale adjustments Easy Data Export Readily exports data for offline analysis and processing Cloud Services Risk Assessment Report Scheduled Reports Provides a comprehensive report with executive summaries along with a list of discovered services and recommendations Delivers periodic reports via to critical stakeholders in the organization Access Enforcement Policies Allows remediation at the proxy or firewall through blocking of nonit approved apps 4

5 The Elastica Audit App addresses IT security s most pressing needs. Some key use cases are: We are a global company with 40,000 employees spread across different parts of the world. As a CISO/CIO, I have little visibility into the scale and impact of Shadow IT and need to know which SaaS services are being used in my company. Audit Summary Services Destinations Month December, 204 December, 204 Generate Audit Report Your Audit Score SaaS Services Top Risky Services (89 services) 45% at medium or higher risk Destinations The Elastica CloudSOC Audit application analyzes your company s proxy and firewall logs to provide an executive summary and identify the cloud services in use. Along with several prioritized views such as most risky services and most used services, you can instantly generate a cloud service risk assessment report that will provide deeper insights into risks and usage, and monitor their trends over time. Access 52 Service 89 Informational 48 Data Compliance 0 Business 82 Administrative 5 Feedbackify! 8 Feedback Management Pusher 2 25 Realtime Messaging Pluralsight IT Training, Developer Training Bitcasa 4 28 File Sharing Security Metrics 5 50 Hosted Vulnerability Scanners AdvertServe 6 65 Inventory Management Compete 7 4 Business Intelligence, Digital Marketing Insightera 8 25 Predictive Alerts goroost 9 65 Desktop Alerts Comscore 0 50 Marketing Analytics, Brand Management ChannelAdvisor 0 ECommerce Janrain 2 Social Media Management Feedbackify! Feedback Management Top Destinations () out of 42 services (45%) 89 are at medium or higher risk MOST USED SERVICES 54 of these services (29%) are used by at least 20% of users NEW SERVICES 8 of these services (0%) are new services USERS,89 of 2,20 users (5%) use these services CATEGORIES 7 of 4 categories (50%) belong to these services DATA UPLOAD 45GB of 24GB uploads (9%) to these services DATA DOWNLOAD 28GB of 609GB downloads (2%) from these services As a security admin, I d like to identify SaaS apps that can pose risk to my company apps discovered in my organization that lack tighter security controls, users of these apps, and other usage details. With the Elastica Audit App, you can quickly identify risky services that your employees have adopted or started using recently, as well as identify the employees using these services. Moreover, you can discover why each app is risky, as measured against over 60+ objective security attributes. SESSIONS 8,000 of 4,250 sessions (2%) are by these services DESTINATIONS of 0 destinations (0%) host these services 5

6 Protect Create New Policies Blocks Alerts ContentIQ Now that I ve identified the unsanctioned cloud apps in my organization, how can I take action to block them? Showing 29 of 29 Select All Policy Name Activity 9dec Search Rules Response Actions Services Content Types ThreatScore Other 84 Active and High ThreatScore 90 AccountingBlock File Exposure With Elastica CloudSOC, you can block unapproved cloud services discovered using the Elastica Audit App while letting employees use apps that meet internal security guidelines. With this solution, you can embrace Shadow IT and adapt to your employees and business unit needs. Business_526_2 Access Enforcement CloudRisk Access Enforcement DS GW Policy File Sharing Gateway FileTransferInspection File Transfer Gateway FS GW Policy File Sharing Gateway High ThreatScore Block HR BLOCK Access Enforcement HR Folder Content File Exposure HR Threat Except Except Except 2 80 Except 2 82 Incident Monitor 4 75 JS Share Block File Exposure Manage access Access Enforcement Compare Services All of the Above Search within categories Box 87 OneDrive 87 ShareFile 87 Syncplicity 87 Google Drive 87 Google Drive Our business units are adopting cloud services to automate their processes. Evaluation of the cloud service providers (CSPs) they are using is a timeconsuming activity which involves collection of many data points and performing risk assessments of the services. Is there an easier way? Service Comparison ZingDrive 8 OneDrive 87 ShareFile 87 Box 82 REMOVE ALL REMOVE REMOVE REMOVE Access Federated Identity Management OAuth support SAML support OpenID support Federated Identity Management Utilizes CAPTCHA Protection from multiple failed logins None Account Lockout Progressive Backoff Account Lockout Multifactor Authentication Multifactor authentication via SMS Multifactor authentication via USB Token Multifactor authentication via Smartcard Multifactor authentication via secondary Multifactor authentication via Mobile App Elastica s research team has analyzed thousands of cloud apps using 60+ objective information security attributes. You can modify the prioritized weighting of these attributes to match your organization s internal security requirements (e.g., critical feature vs nice to have), or use the default settings. A Business Readiness Rating is then computed and assigned to each cloud service. Each service is also mapped to respective categories such as file sharing or CRM. The Compare Services feature in the Elastica Audit App allows sidebyside comparison and dramatically reduces the CSP vendor evaluation time. 6

7 JS JS JS HTML XLS HTML I m concerned that we are wasting money, with many disparate groups using a variety of cloud apps to provide similar functions. Is there a way to identify this inefficiency, so I can consolidate service agreements, trim business costs and simplify IT management? Audit Summary Services Destinations 249 SaaS SERVICES Total Traffic Volume EXPORT CSV (Showing daily counts) 27 HIGH RISK 90 MEDIUM RISK 2 USERS/IP ADDRESSES Month DEC 22, 204 JAN 20, 205 Search within categories Rating Name Sessions Traffic Destinations Platform Avg Duration You can identify discovered SaaS services by category and monitor adoption of these services. By comparing these services across attributes that matter to your organization, your IT team can be wellinformed in making recommendations to business units for potential alternative apps. This data can also be used to facilitate the consolidation of multiple accounts with the same SaaS provider into a single account to achieve a better discounts and reduce IT complexity Google AdSense Advertising, Embedded Amazon S Storage, Embedded Bitdefender Security, Embedded Dropbox Storage, File Sharing GitHub Code Hosting Cyfe Monitoring Amazon Cloudfront CDN, Embedded Amazon Web Services PaaS, IaaS Liverail Advertising, Embedded 2k 4k k 5k k 5.7 GB 2.5 GB.8 GB MB 29.9 MB 28.6 MB 27.9 MB 99. MB 2.2 GB mins 0s 9s 25s 6mins 22s 5mins 8s mins 5s 2mins 6s 2mins 5s 4s Securlet for Box Internal Exposed Files Exposures 2,047 Public INTERNALLY OWNED Showing 20 of 2,829 Document complex_header.js complex_header.php idraw.js idraw.js 0Dashboard 02ff627f40.html External,409 External 0_Network Media Perform ss89909.html 6,9 Internal Owner Exposed PCI PII HIPAA Risk Type 27 Source Code Virus/Malware Onprem DLP 0 Encrypted/Compressed 2 Activity Count Other Risks Size B B B Options Show overview video Learn More Activities Content Type Computing 50 Business 26 Engineering 24 Health 5 Legal 4 Design Doc 0 EXPORT CSV Search within categories Risks Exposures PCI PII HIPAA Source Content In Ex Pub Code IQ Do you also offer a solution that provides me deeper insights into an individual SaaS app such as Box? I m specifically concerned about the 0 million files and 50,000 folders I have stored in it. How do I know which users are at highest risk for exposing sensitive content? Elastica offers standalone Securlets that provide advanced security functionality for specific cloud apps such as Box. You can protect corporate assets stored in Box by detecting and remediating risky exposures, including those related to personally identifiable information (PII), Payment Card Information (PCI), Protected Health Information (PHI), source code, financial, or other sensitive types of data. Elastica Securlets also detect malicious user activity, and provide policies and controls to prevent data leakage. 7

8 AUDIT DETECT PROTECT INVESTIGATE shadow IT threats data transactions Data Science Powered About Elastica Cloud App Security Elastica Elastica is the is leader the innovator Data Science of Data Powered Science Powered Cloud Application Cloud Application Security. Its Security. CloudSOC Its platform CloudSOC empowers solution companies empowers to confidently the Elastic leverage Enterprise cloud and applications enables companies and services to while staying confidently safe, secure leverage and compliant. cloud applications A range of and Elastica services Security while Apps staying deployed safe, secure on the extensible and compliant. CloudSOC Elastica platform Apps deliver on the the extensible full life cycle CloudSOC of cloud application platform today security, offer including a auditing cloud of audit shadow for Shadow IT, realtime IT, granular detection transaction of intrusions visibility, and threats, detection, protection security against intrusions controls and and compliance postincident violations, forensic and analysis. investigation of historical account activity for postincident analysis. Learn more about Elastica at elastica.net. Follow us on Learn more at elasti.ca/audit 055 Olin Ave, Suite 2000, San Jose, CA 9528 sales@elastica.net