Global Financial institution Manages Shadow IT, Cloud Usage, and Enforces Security, Compliance and Governance.
Using EveryCloud’s award winning CASB platform, our customer has embraced a new generation of cloud services. Enabling them to let their employees adopt online tools quickly and easily. Allowing them to perform their tasks more efficiently. The company’s Global Information Security Officer was concerned he lacked visibility into exactly the cloud services being used by his employees.
“We knew employees were using a lot of services, and we didn’t want to stop them from using any legitimate tool. But we needed a better understanding of what was happening,”
Managing Shadow IT and Accelerating Cloud Service Security Evaluations
What’s more, the process of approving new cloud services for use by employees required roughly 30 person-hours of due diligence by a staff of three security experts.
This process involved direct calls to CTOs or security departments of cloud service companies, as well as significant manual one-off efforts to verify security practices and assess risk factors.
To discover cloud services that had not been declared by employees, the team had to pour over reams of log files, as existing management tools focused more on cyber-attack risks than cloud service risks. They needed a tool that could meet all their needs ¬– including the ability to discover all cloud services in use by company employees, reduce the time and cost of vetting cloud services, provide anomaly detection to spot behaviours that likely indicated data leakage, and prevent access to high-risk cloud services.
“EveryCloud has allowed us to not only enable our users to use the services they enjoy and that we trust, but has also allowed us to expedite the procurement process while reducing our overall risk posture.”
Leveraging EveryCloud’s Cloud Access Security Broker (CASB) tools allowed the business to discover the true scope of its cloud services footprint. And make the lengthy approval process for new cloud services more efficient. Using EveryCloud, our client discovered all the cloud services in use and quickly assessed their risk.
“I had expected a good amount, but the sheer diversity of services was surprising to me. Many services I would not have expected showed up in the analysis, including some that we decided we needed to add because they filled a legitimate need we had not foreseen.”
This enabled the implementation of new services to support various business critical exercises. “Having those ratings from a source we can trust means we can cut time spent onboarding a new cloud service down to 3—4 hours. It has allowed my team to become far more efficient, and I love the fact that EveryCloud continually updates its ratings because we would never have time to go back and regularly check up on approved services.”
The team also used EveryCloud’s integration with API’s and their firewalls & proxies to serve just-in-time educational messages. These coached users away from high-risk services to enterprise-sanctioned services, such as Box.
Extending Security, Compliance and Governance Policies
With Shadow IT cloud usage effectively managed, they turned their focus to enforcing security, compliance and governance policies for their sanctioned services. The ability to extend existing on-premises data loss prevention policies into the cloud for file-sharing and collaboration services, like Box, was a high priority. By adding EveryCloud into the IT portfolio, our client was able to ensure compliance with both internal policies and industry regulations.
In utilizing EveryCloud’s behavioural analytics they have also been able to benchmark normal user behaviour and automatically detect anomalous activity across multiple dimensions. Including data sensitivity, access count, volume, direction and geography. In doing so they can protect against risks like compromised accounts and misuse. Additionally, the team gained the ability to not only audit collaboration activity with third parties, but also enforce collaboration control policies to dictate appropriate sharing permissions based on the sensitivity of the data. For example, they can set policies allowing the sharing of important files only with authorized users from business partners with corporate email domains and not those with personal accounts.
Implementing EveryCloud for Shadow IT has provided the team with the tools they need to give their users the best services possible and ensure that those services are being used in accordance with their security, compliance and governance policies.
“Overall, working with EveryCloud has allowed us to not only enable our users to use the services they enjoy and that we trust, but has also allowed us to expedite the procurement process while reducing our overall risk posture. It has been a win-win for the entire organization.”