Cloud applications are revolutionizing the way your employees can do their work. They enable Bring-Your-Own-Device (BYOD), are inherently mobile, can be up and running in minutes, and allow users to collaborate with anyone from anywhere to get their jobs done. It’s no wonder that cloud app adoption is growing at unprecedented rates. According to Forrester, breakthrough productivity gains are expected to drive the cloud app market to reach over $130 billion by 2020. But along with these benefits, cloud apps also carry unseen dangers: data leakage, insider threats, and compliance failures. These risks stem from four challenges that IT administrators face as cloud apps become a standard tool to help employees get their jobs done.

1 – Cloud App Visibility. Because cloud apps are so fast, easy, and affordable to deploy, many IT administrators are facing a problem of Shadow IT – employees using unsanctioned apps and bypassing IT security controls. Even Line of Business heads can approve cloud apps for entire departments to use, rolling out a new tool without the IT team knowing anything about it. Shadow IT inhibits SaaS visibility; IT can’t see which apps are being used so they can’t identify risky apps and are powerless to set informed app controls.

Cisco Cloud Access Security (CAS) provides visibility by presenting a complete list of all cloud apps that employees are using. This is a major step toward solving the Shadow IT problem. But CAS goes even further, providing a risk score associated with each cloud app based on 60+ attributes that are weighted according to the risk profile of the business. A cloud app that is considered “enterprise quality” supports multiple enterprise security requirements. With a complete list of cloud apps and their associated scores, IT administrators can decide whether a cloud app should be sanctioned or should be blocked.

2 – Cloud Content Visibility. With visibility into the cloud apps being used, the next challenge is to understand how they’re used – the data and files flowing to and from them. Even sanctioned apps can be used in unsanctioned ways, creating Shadow Data – the inability to see and control which files and data are being exposed.

CAS addresses this challenge. Through a single dashboard, IT admins can view the risk compliance aspects of all files uploaded into sanctioned cloud apps and gain visibility into SaaS content.

3 – Cloud Data Loss Prevention. With visibility into content established, the next step is to gain control over sensitive data shared through cloud-based apps. Traditionally, file sharing and permissions are monitored and controlled by IT. However this is no longer the case with cloud apps. Sharing is now democratized, to the point where even the file owner can’t fully control how their file is distributed. Sooner or later it can end up in the hands of someone who shouldn’t have it.

CCAS inspects files by category and content, including information related to HIPAA compliance, PCI compliance, Personally Identifiable Information (PII), etc. IT admins can write policies to prevent files with sensitive and compliance-related information from being uploaded to or shared from sanctioned and unsanctioned apps.

4 – Malicious Activity. IT admins also need visibility into potentially malicious activity. The files users bring into the organization through cloud apps also create risks. Just like other attack vectors, hackers target cloud app users with weak passwords on their accounts, or take advantage of the sharing potential of cloud apps.

CCAS inspects traffic activity and uses anomaly detection to find spikes in downloads or uploads. If deeper analysis is required, a historical analysis can find the root cause of any incident by user, activity, and cloud app. CCAS integrates with Cisco’s broad portfolio of cloud security and network security products to provide additional context to help organizations investigate malicious activity, make informed decisions, and take action.

The benefits of cloud apps to organizations are undeniable, but so are the risks. With Cisco Cloud Access Security organizations can reap the benefits these apps provide, but with the peace of mind that security isn’t compromised.

Learn more about Cisco Cloud Access Security and our other cloud security solutions in our launch webcast.



Raja Balakrishnan

Product Manager

Security Business Group