Security Experts:

Cloud App Security - Microsoft's Very Own CASB

Ask any chief information security officer (CISO) what worries him most about cloud migration and he is likely to reply, 'visibility'. When data goes into the cloud, visibility into the data is usually lost; and what you cannot see, you cannot control. This visibility issue explains the two biggest concerns about cloud: security and compliance. 

Microsoft is making a concerted effort with Office 365 and Azure to first catch AWS, and then dominate the cloud. Its challenge is to solve the visibility issue, but preferably doing so under the Microsoft umbrella. The emerging cloud access security broker (CASB) technology solves the same problem, but for everyone. 

Cloud Visibility Concerns

This is the reasoning behind Microsoft's newly available Cloud App Security. It is a CASB, developed from the acquisition of Adallom in September 2015—and it does what other CASBs do. Microsoft describes this as three primary capabilities:

App Discovery - it detects all of the cloud apps used by network users (but not, of course, those used by unprotected personal devices). In other words, it brings Shadow IT out of the shadows and applies risk scoring to the different apps. Detection is done by analyzing existing logs. 

Data Control - granular controls can be set on sanctioned apps via API-based integration. This allows the use of local security controls on cloud data. 

Threat Protection - applies behavioral analytics and anomaly detection to the cloud applications; providing the missing 'visibility'.

One question is whether the emergence of Microsoft in the CASB market will affect other CASB vendors. Nigel Hawthorn, EMEA Marketing Director at Skyhigh Networks, believes there is room for everyone. "Gartner," he told SecurityWeek, "expects that 85% of large enterprises will be using CASB by 2020."

While there is the possibility that Cloud App Security will be a preferred option for some Office 365 enterprises - especially since this was Adallom's primary strength before the acquisition by Microsoft, Hawthorn believes the market is so large that "one product is unlikely to fit the needs of every customer."

For its part, Microsoft told SecurityWeek that it is not aimed at just Microsoft users. "Microsoft will continue to sell and support Cloud App Security for non-Office 365 services including Salesforce, Box, AWS, Dropbox, Google Apps, and ServiceNow," the software giant said.

SkyHigh's Hawthorn suspects that many enterprises will welcome a separation between cloud service providers and the broker that monitors them. One concern for many companies considering migrating to the cloud is the availability of an escape route or extraction methodology. While it is relatively easy just to remove raw data back to on-premise or other cloud, the more provider-specific applications used in the cloud, the harder this becomes.

The Microsoft CASB will become an attractive option for those enterprises willing and able to commit themselves to Microsoft. Others might prefer an independent CASB. Either way, Hawthorn is not worried, and told SecurityWeek he would "welcome any bake-offs between ourselves and any competitor, Microsoft included. We are a strong technology partner with Microsoft," he added, "and offer both reverse proxy and API integration with Office 365 - and we are continuing to invest in widening our support for O365 along with all of our other cloud services."

The bottom line is that Cloud App Security is just another CASB.

Related Reading: Security, Compliance Remain Biggest Concerns Over Cloud

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.