How to Apply IT Governance for Non-Microsoft Cloud Apps
Like physical security, cybersecurity is easier when you have to protect fewer locations. The more spaces you need to secure, the more complex things are going to be. Unfortunately, in today's digital world, network traffic isn't going to and from a single cloud app. Your data is bound to flow in and out of several, regardless of how many policies you implement.
Check out this scenario: you have Microsoft defender set up to protect your network environment and have a policy that your data stays in that ecosystem. However, more likely than not, someone from your organization will still be using apps like Dropbox or Google Suite. Those are cloud apps where you might not have protections in place.
Sound familiar? If it does, that's because habits are hard to break. People will always tend to use what they're most comfortable with. Thankfully, there is a way of securing those endpoints and applying IT governance despite operating on multiple cloud platforms.
At ITS, we've helped hundreds of businesses manage and secure their data in the cloud. In this article, we'll help you understand how we apply IT governance for non-Microsoft cloud services. To do that, we'll discuss the following:
- Why is IT Governance Important When Using Non-Microsoft Cloud Applications?
- Ways to Apply IT Governance for Cloud Apps
Why is IT Governance Important When Using Non-Microsoft Cloud Applications?
Migrating to the cloud requires you to shift your approach to data security. Having the ability to let people access your sensitive data from anywhere with any device means your organizational perimeters and boundaries have changed.
"Networks used to be in a single location, and you just provide the security there, and your stuff will be protected. But once things start becoming like tentacles branching out and getting out of control, you can't really protect all these different areas," said Kyle Ramirez, our Technical Sales Engineer from ITS San Francisco.
"Let's say we protect our OneDrive data because we have Defender for Office 365, but we don't protect our Google Drive data. So when we send our company data to Google Drive, we now lose control over what happens to the data. You really need that control so that you can ensure that you don't get unintended data leaks," he explained.
In other words, your security controls need to adapt to the new digital landscape to be effective. Doing so means better security for your network. Ensuring you have visibility over your data across all endpoints and multiple cloud services enables you to retain that control. It allows you to apply policies and limitations that can protect your network from threats or data breaches.
"That kind of governance is really important from a risk management standpoint and making sure you're not putting your business in a dangerous situation," he stated.
Ways to Apply IT Governance for Cloud Apps
According to Ramirez, there are two pathways to achieve IT governance for the cloud. You can choose a basic tool like Microsoft's Cloud Discovery or opt for a premium paid option like Microsoft Defender for Cloud Apps.
Basic Method: Cloud Discovery
Microsoft's Cloud Discovery is a small module included with every Microsoft 365 business premium subscription. The tool allows you to monitor your data across different cloud platforms.
"There's not a lot of granular reporting because it's just a general broad stroke discovery tool. But around 24 hours [after setup], I could already see how much traffic is going to Microsoft and how much traffic is going to Amazon AWS, or Google Drive, or Dropbox," Ramirez shared.
"From there, we can gauge how much of your network traffic is sanctioned or unsanctioned. And also, how many gigabytes of data are going to these services, and which IP addresses on your local network are serving this data to those outside services," he explained.
While Cloud Discovery offers great visibility over your data, Ramirez cautioned that governing using that method would be more labor-intensive. According to him, if "you want to set a new policy, then you'll need to talk to your employees to see if they can adhere to it. Now, that's kind of a more manual labor way of doing it."
That's because a basic tool like Cloud Discovery can't give you controls to apply policies and limitations across third-party cloud apps. If you want that level of control, you'll need to choose a premium solution like Microsoft's Defender for Cloud Apps.
Premium Method: Microsoft Defender for Cloud Apps
Microsoft Defender for Cloud Apps, formerly known as Microsoft Cloud App Security (MCAS), is a Cloud Access Security Broker (CASB) that operates on multiple cloud platforms. It's a cloud-based solution that provides a new layer of security for today's modern landscape. It enables oversight and control of activities and information across public and custom cloud apps.
According to Ramirez, it is a premium suite of services from Microsoft that allows you to create policies and govern what happens on other third-party applications.
"One of the premium services of Microsoft Defender for Cloud Apps is that you can also now extend your security services to those third-party services," Ramirez said. "You can have policies that restrict access, but maybe you want to allow some flexibility. Maybe some users need Google Drive. Now, you can allow usage of that service, but also you can say: 'I want that traffic to be scanned. I want to make sure that we apply our security services when it gets sent to that destination,'" he explained.
"You're kind of like extending your reach of what you can control. But in general, you want to have that control over your data because you want to minimize data leaks," Ramirez said.
Need Help Applying IT Governance for Your Cloud Apps?
Applying IT governance for cloud apps is a must in today's current digital landscape. It helps protect your business from external threats and prevents unintended data leaks when using third-party cloud services.
Fortunately, if you're running a Microsoft environment, you have two great options to choose from: Cloud Discovery and Microsoft Defender for Cloud Apps. The former offers great visibility and comes free with your Office 365 business premium subscription. However, it lacks control provisions. On the other hand, the latter offers more control and premium services, but it comes with a price tag.
At ITS, we've helped hundreds of business owners make smart decisions when it comes to cloud computing. If you're in the market for a cloud service provider, check out our article on how to choose the right cloud service provider.