Cloud Discovery data anonymization
Applies to: Microsoft Cloud App Security
Cloud Discovery data anonymization enables you to protect user privacy. Once the data log is uploaded to the Microsoft Cloud App Security portal, the log is sanitized and all username information is replaced with encrypted usernames. This way, all cloud activities are kept anonymous. When necessary, for a specific security investigation (for example, a security breach or suspicious user activity), admins can resolve the real username. If an admin has a reason to suspect a specific user, they can also look up the encrypted username of a known username, and then start investigating using the encrypted username. Each username conversion is audited in the portal’s Governance log.
- No private information is stored or displayed. Only encrypted information.
- Private data is encrypted using AES-128 with a dedicated key per tenant.
- Resolving usernames is done ad-hoc, per-username by deciphering a given encrypted username.
How data anonymization works
There are three ways to apply data anonymization:
You can set the data from a specific log file to be anonymized, by creating a new snapshot report and selecting Anonymize private information.
You can set the data from an automated upload for a new data source to be anonymized by selecting Anonymize private information when you add the new data source.
You can set the default in Cloud App Security to anonymize all data from both snapshot reports from uploaded log files and continuous reports from log collectors as follows:
Under the Settings cog, select Cloud Discovery settings.
In the Anonymization tab, to anonymize usernames by default, select Anonymize private information by default in new reports and data sources. You can also select Anonymize machine information by default in 'Win10 Endpoint Users' report.
Under Encryption key, select whether you want to Use the dedicated key generated for your portal or Use a custom key. If you Use a custom key, enter a 16-byte UTF8 encryption key.
When anonymization is selected, Cloud App Security parses the traffic log and extracts specific data attributes.
Cloud App Security replaces the username with an encrypted username.
It then analyzes cloud usage data and generates Cloud Discovery reports based on the anonymized data.
For specific investigation, such as investigation of an anomalous usage alert, you can resolve the specific username in the portal and provide a business justification. This page can also be used to look up the encrypted username of a known username.
- Under the Settings cog, select Cloud Discovery settings.
- In the Anonymization tab, under Anonymize and resolve usernames enter a justification for why you're doing the resolution.
- Under Enter username to resolve, select From anonymized and enter the anonymized username, or select To anonymized and enter the original username to resolve. Click Resolve.
The action is audited in the portal’s Governance log.