What are the risks with CloudApp

Working with the app risk assessment

Applies to: Microsoft Cloud App Security

Important

Microsoft's threat protection product names are changing. You can find more information about this and other updates here. We will be updating names in products and documentation in the near future.

The cloud app catalog gives you a complete picture of what Cloud Discovery identifies. Cloud Discovery analyzes your traffic logs against the Microsoft Cloud App Security cloud app catalog, which contains more than 16,000 cloud apps. The apps are ranked and scored based on more than 80 risk factors to give you ongoing visibility into cloud usage, shadow IT, and the risk that shadow IT poses to your organization. This article explains how to use and customize the Cloud App Security app risk score.

The cloud app catalog

The cloud app catalog rates the risk of your cloud apps based on regulatory certifications, industry standards, and best practices. Four additional processes run in the cloud app catalog to keep it up to date:

  1. Automated data extraction directly from the cloud app, for attributes such as SOC 2 compliance, terms of service, sign-in URL, privacy policy, and headquarters location.
  2. Automated advanced data extraction by Cloud App Security algorithms, for attributes such as HTTP security headers.
  3. Ongoing analysis by the Cloud App Security cloud analyst team, for attributes such as encryption of data at rest.
  4. Customer-based revision requests, based on customer requests for changes to the cloud app catalog. All requests are reviewed by our team of cloud analysts, and the catalog is updated based on their findings.

Cloud apps are increasingly popular with business units as a solution to changing needs. The cloud app catalog lets you choose the app that meets your organization's security requirements, and it keeps you informed of the latest security standards, risks, and breaches.

For example, if you want to compare CRM apps and make sure they are adequately secured, you can use the cloud app catalog to filter down to the apps that are relevant to you:

  1. On the Cloud app catalog page, under Browse by categories, click CRM.
  2. Use the advanced filters and set the Compliance risk factor to "SOC 2 equals TRUE".
  3. Set the Compliance risk factor to "ISO 27001 equals TRUE".
  4. Set the Security risk factor to "Encryption of data at rest equals Unsupported and N/A".
  5. Set the Security risk factor to "Audit trail for administrators equals TRUE".
  6. Set the Security risk factor to "Audit trail for users equals TRUE".

After the results have been filtered, you can take a look at the relevant apps and pick the one that best suits your needs.

Filters in the cloud app catalog

The cloud app catalog offers both basic and advanced filters. For a complex filter, use the advanced option, which includes the following filters:

  • App tags: You can use tags to customize the cloud app catalog. Choose between Sanctioned and Unsanctioned, or create custom app tags. These tags can then be used as filters, which help you examine specific types of apps in more detail.
  • Apps and domains: Lets you search for specific apps, or for apps used in specific domains.
  • Categories: Use the Categories filter on the left side of the page to search for app types by category, for example social network apps or cloud storage apps. You can select one or more categories at a time and then combine them with the basic or advanced filters.
  • Compliance risk factor: Lets you search for specific standards, certifications, or compliance frameworks the app may conform to, for example HIPAA, ISO 27001, SOC 2, and PCI-DSS.
  • General risk factors: Lets you search for general risk factors such as consumer popularity and data center location.
  • Legal risk factor: Lets you filter by the regulations and policies the app follows to protect the data and privacy of its users, for example GDPR, DMCA, and data retention policy.
  • Risk score: Lets you filter apps by the risk score you want to focus on, for example to review only risky apps.
  • Security risk factor: Lets you filter by the security measures the app supports, such as encryption of data at rest and multi-factor authentication.

Suggesting an improvement

If you find a new app in your environment that has not yet been rated by Cloud App Security, you can request a review of the app. You can also request a review for a new risk factor, a rating update, or outdated app data.

To suggest a new app:

  1. At the top of the Discovered apps page, click the three dots, and then click Suggest a new app.

  2. In the Suggest a new cloud app pop-up window, enter the details of the new app: its name and domain.

  3. We recommend checking the box so that Cloud App Security analysts can contact you if more information about the app is needed.

To update a risk factor, rating, or app data:

  1. On the Cloud app catalog page, in the row of the app you want to update, click the three dots at the end of the row, and then click Request a review update.

  2. In the Suggest an improvement pop-up window, select whether you want to request a score update, suggest a new risk factor, or update app data.

  3. We recommend checking the box so that Cloud App Security analysts can contact you if more information about the app is needed. This allows you to be notified when the analysis is complete.

Customize the risk assessment

Cloud Discovery gives you vital data about the credibility and reliability of the cloud apps used across your environment. In the portal, each discovered app is shown with an overall score, which Cloud App Security uses to indicate whether the app is ready for enterprise use. The overall score of an app is a weighted average of its sub-scores for the risk categories Cloud App Security considers when rating reliability:

  • General: This category covers basic facts about the company that produces the app, including its domain, year of establishment, and popularity. These fields are intended to represent the stability of the company at the most basic level.

  • Security: The security category takes into account all standards dealing with the physical security of the data used by the discovered app. It includes fields such as multi-factor authentication, encryption, data classification, and data ownership.

  • Compliance: This category shows which generally accepted compliance standards the company that produces the app follows. The list includes standards such as HIPAA, CSA, and PCI-DSS.

  • Legal: This category shows which regulations and policies the app complies with to protect the data and privacy of its users, for example GDPR, DMCA, and data retention policy.

Each category has many specific properties. According to the Cloud App Security scoring algorithm, each property receives a preliminary score between 0 and 10, depending on its value. The values TRUE and FALSE are scored 10 and 0, respectively. Continuous properties, such as the age of the domain, are assigned a value within that range. The score of each property is weighted against all other fields in the category to produce the category's sub-score. An app that is unrated is usually unrated because its properties are unknown.

It is important to take some time to review and adjust the default weight settings in the Cloud Discovery score configuration. By default, all evaluated parameters are weighted equally. If certain parameters are more or less important to your organization, change the weights as follows:

  1. In the portal, under the settings icon, select Cloud Discovery settings.

  2. Under Score metrics, move the Importance slider to change the weight of a field or risk category. Importance can be set to Ignored, Low, Medium, High, or Very high.

  3. You can also set whether values that are not available or not applicable are included in the score calculation. When included, "Not applicable" values contribute negatively to the calculated score.
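The scoring scheme described above (property scores 0 to 10, category sub-scores as weighted averages, an overall score weighted by the per-category Importance setting, and the optional negative contribution of "Not applicable" values), together with the CRM catalog filter from earlier in this article, as an added illustrative model. This is not Microsoft's code or algorithm: the numbers behind the Importance levels, the linear scaling of continuous properties, the filter representation, and the sample catalog entry are all constructed assumptions made here so that the arithmetic can be followed end to end.

```python
"""Illustrative model of the app risk scoring described on this page.

Added example, not Microsoft's code: the numeric values behind the Importance
levels, the linear scaling of continuous properties, and the sample catalog
entry are all constructed assumptions."""
from dataclasses import dataclass
from typing import Any, Optional

# Assumed numbers for the Importance slider levels the page names.
IMPORTANCE = {"Ignored": 0, "Low": 1, "Medium": 2, "High": 3, "Very high": 4}

NA = "N/A"  # marker for a "Not applicable" / unknown property value


@dataclass
class Prop:
    name: str
    value: Any                      # True, False, a number, or NA
    importance: str = "Medium"      # weight of this field inside its category
    span: Optional[tuple] = None    # (lo, hi) range for continuous properties


def property_score(prop: Prop) -> float:
    """Preliminary 0-10 score of one property: TRUE -> 10, FALSE -> 0, and a
    continuous value scaled linearly onto 0-10 across its span (assumption:
    the page only says such values land somewhere within the range)."""
    if prop.value is True:
        return 10.0
    if prop.value is False:
        return 0.0
    if prop.span is None:
        raise ValueError(f"{prop.name}: continuous property needs a span")
    lo, hi = prop.span
    clamped = min(max(float(prop.value), lo), hi)
    return 10.0 * (clamped - lo) / (hi - lo)


def category_score(props, include_na=False):
    """Weighted average of the property scores in one category.
    N/A values are skipped unless include_na is set, in which case they count
    as 0, the negative contribution the page describes. Returns None when no
    property is known, which is the page's 'unrated app' case."""
    total = weight_sum = 0.0
    for p in props:
        w = IMPORTANCE[p.importance]
        if w == 0:
            continue
        if p.value == NA:
            if not include_na:
                continue
            score = 0.0
        else:
            score = property_score(p)
        total += w * score
        weight_sum += w
    return None if weight_sum == 0 else total / weight_sum


def overall_score(app, cat_importance=None, include_na=False, override=None):
    """Overall 0-10 score: weighted average of the category sub-scores using the
    per-category Importance setting. An explicit override replaces the
    computed value, as 'Override app score' does in the portal."""
    if override is not None:
        return float(override)
    cat_importance = cat_importance or {}
    total = weight_sum = 0.0
    for cat, props in app.items():
        w = IMPORTANCE[cat_importance.get(cat, "Medium")]
        sub = category_score(props, include_na)
        if w == 0 or sub is None:
            continue
        total += w * sub
        weight_sum += w
    return None if weight_sum == 0 else total / weight_sum


def matches(app, criteria):
    """Catalog-style filter: criteria maps a property name to the set of
    accepted values, e.g. {"Encryption of data at rest": {"Unsupported", NA}}."""
    flat = {p.name: p.value for props in app.values() for p in props}
    return all(flat.get(name) in allowed for name, allowed in criteria.items())


# Constructed sample catalog entry (not a real app's data).
SAMPLE_APP = {
    "General": [Prop("Domain age (years)", 12, span=(0, 20))],
    "Security": [Prop("Multi-factor authentication", True),
                 Prop("Encryption of data at rest", NA),
                 Prop("Audit trail for administrators", True),
                 Prop("Audit trail for users", False)],
    "Compliance": [Prop("SOC 2", True), Prop("ISO 27001", True), Prop("HIPAA", False)],
    "Legal": [Prop("GDPR", True), Prop("Data retention policy", NA)],
}

# The CRM filter from this page, expressed as criteria.
CRM_FILTER = {"SOC 2": {True}, "ISO 27001": {True},
              "Encryption of data at rest": {"Unsupported", NA},
              "Audit trail for administrators": {True},
              "Audit trail for users": {True}}

if __name__ == "__main__":
    print("default weights, N/A excluded:", overall_score(SAMPLE_APP))
    print("default weights, N/A included:", overall_score(SAMPLE_APP, include_na=True))
    print("Security Very high, Legal Ignored:",
          overall_score(SAMPLE_APP, {"Security": "Very high", "Legal": "Ignored"}))
    print("matches CRM filter:", matches(SAMPLE_APP, CRM_FILTER))
```

Running the sample shows the two effects the configuration steps describe: including N/A values pulls the overall score of the sample app down (its Security and Legal sub-scores each carry an unknown field), and raising Security to Very high while ignoring Legal changes the overall score without touching any property. The sample app fails the CRM filter only on "Audit trail for users", which is the kind of gap the filtering procedure is meant to surface.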

All information about how Cloud App Security risk scores are built up is available in the Cloud App Security portal. To understand the weight of a risk factor within a risk category, use the "i" button to the right of each field name in the app profile. It shows exactly how Cloud App Security scores that risk factor: the risk factor's value on a scale from 1 to 10, plus its weight within the risk category.

To understand the weight of a risk category in an app's overall score, hover over the risk category's score.

Overriding the risk assessment

To override the risk score, in the Discovered apps table or in the Cloud app catalog, click the three dots to the right of the app, and then click Override app score. You can override an app's risk score without changing how it is weighted, so that you get immediate results for your organization. For example, suppose the risk score of a LOB app you use is 8, but the app is sanctioned and recommended by your organization. You can change the risk score of that LOB app to 10.

After overriding the score, you can add app notes to explain to other admins why you changed the app's score.

You can also add notes to explain the change to anyone reviewing the app.

Next Steps

If you run into any problems, we are here to help. To get assistance or support for your product issue, open a support ticket.