CloudLock Series: Part 1 – Permissions Contained
Hi! I’m Mike, we’ve just met, and I’d like full, permanent, and unmonitored access to your contacts. Don’t want to give that up, huh? How about your calendar? Email? Maybe all your files?
In this 3-part series, we’ll discover you don’t know what access your users have freely given up to that developer without a name and what to do about it.
On the surface, it sounds ridiculous to give these kinds of permissions to someone you’ve just met and yet we’re all happy to give those same permissions to people and companies we’ve never met. Why does the app for my “smart” fridge need to know about my contacts? Moreover, why would I give them that permission without knowing what they do with it and who it will be shared with? Browser plugins, email clients, even that new BOT you just activated in your Webex Teams or Slack for teams ask for permissions to your data. Just about any application that uses your work email address all ask for and use similar permissions.
Here’s the challenge: how do you STOP your users from connecting apps to your corporate environment and handing out those same permissions, and how do you know what permissions have already been allowed?
Cisco Cloudlock, a ‘Cloud Access Security Broker’ – or CASB for short, secures your cloud users, their data, and apps all from one cloud-delivered tool.
In this part, we’ll focus on the ‘Apps Firewall’. Cloudlock connects with each of your cloud-delivered applications: Office 365, GSuite, Salesforce, Slack, Cisco Webex Teams, Box, Dropbox, ServiceNow, Okta, Amazon Web Services (AWS) and Onelogin (all currently supported as of this writing). In doing so, Cloudlock can discover each and every user you have and each and every permission they’ve handed out to third-parties all through existing APIs.
Cloudlock then provides a dashboard of each application which has access to YOUR data, the number of users using that app, the permissions allowed, and a crowdsourced indicator of risk associated with allowing that app.
From here administrators can manually or automatically trust, audit or block and revoke access to apps of their choosing based on several factors including the access scopes requested. Cloudlock can also monitor for privilege escalation and act. A number of predefined policies come right out of the box with customizable detection criteria and response actions.
With Cloudlock you’ll no longer have to guess the kind of access that’s been offered by your own users into your corporate cloud-stored data.
At Greyson Technologies we’re invested in our customers’ success. Reach out today for an engineer led Cisco Cloudlock demo in your own environment. Let’s discover and be surprised together the access third-party apps have to your data.
ABOUT MIKE PROSSER
Mike is a Senior Collaboration Engineer based out of Orlando, FL. He has a CCNP in Collaboration and is an Express Collaboration Field Engineer Representative, Advanced Video System Engineer Representative, and a Cisco IP Contact Center Express Representative. Mike loves Cisco Spark and is a self-proclaimed baking expert (but really, he just knows how to make cookies).