Understand the Defender for Cloud Apps Framework

  • 2 minutes

Cloud access security broker (CASBs) are defined by Gartner as security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. CASBs consolidate multiple types of security policy enforcement.

In other words, CASBs are the intermediaries between your users and all of the cloud services they access. CASBs help you to apply monitoring and security controls over your users and data. CASBs for cloud services are like firewalls to corporate networks.

Microsoft Defender for Cloud Apps is a CASB that helps you identify and combat cyberthreats across Microsoft and third-party cloud services. Microsoft Defender for Cloud Apps integrates with Microsoft solutions, providing simple deployment, centralized management, and innovative automation capabilities.

The following graphic shows the flow of information around your organization. You can see how Defender for Cloud Apps functions as an intermediary between apps, data, and users.

Workflow diagram shows how data flows into and out of Defender for Cloud Apps, cloud apps, and cloud traffic in an organization. Each group is connected by two lines, going opposite directions that represent the inflow and outflow of data.

There are four elements to the Defender for Cloud Apps framework:

  • Discover and control the use of Shadow IT: Identify the cloud apps, IaaS, and PaaS services used by your organization. How many cloud apps do you think are used by your users? The apps you don't know about, on average totaling more than 1,000, are your "Shadow IT". When you know which apps are being used, you'll better understand and control your risk.
  • Protect your sensitive information anywhere in the cloud: Understand, classify, and protect sensitive information at rest. To help you avoid accidental data exposure, Defender for Cloud Apps provides data loss prevention (DLP) capabilities that cover the various data leak points that exist in organizations.
  • Protect against cyberthreats and anomalies: Detect unusual behavior across apps, users, and potential ransomware. Defender for Cloud Apps combines multiple detection methods, including anomaly, user entity behavioral analytics (UEBA), and rule-based activity detections, to show who is using the apps in your environment, and how they're using them.
  • Assess the compliance of your cloud apps: Assess if your cloud apps comply with regulations and industry standards specific to your organization. Defender for Cloud Apps helps you compare your apps and usage against relevant compliance requirements, prevent data leaks to noncompliant apps, and limit access to regulated data.