Shadow IT in your network
In order to adopt data protection, organizations must first identify which applications are being accessed by the users in their enterprise network. With Zscaler’s Shadow IT report, you get comprehensive visibility into cloud applications and usage, filtered by data transactions from users accessing an application from different locations. Customers can also mark an application as sanctioned or unsanctioned based on their corporate policy. Using the intelligence from the Shadow IT report, customers can then use Cloud App Control rules to take action on unsanctioned or risky apps. This presents an interesting use case, as users often get access to their own enterprise version of a cloud application. For example, let’s say Company X has adopted GSuite as its corporate productivity tool. Suppose users from Company X buy their own domain and, with it, their own GSuite instance.
Now, if Company X has allowed access to GDrive, those users can potentially upload sensitive content to their own version of GDrive. To solve this use case, we have implemented the Cloud App Instance feature in the Zscaler Inline CASB, where customers can define their corporate instance of a cloud application using a unique identifier. Customers can then reference this defined instance in a Cloud App Control rule or a DLP rule. Combined with granular controls, this becomes a powerful tool for customers to surgically take control of users’ access.
Building on the previous example, company X can create an access control rule to give full access to their corporate SaaS. At the same time, they can create another rule to give read-only access to non-corporate or personal SaaS apps.
For large organizations with thousands of projects, departments, and business lines, it’s difficult for security administrators to keep track of the different instances of the same cloud application accessed by users in the enterprise network. To help customers autodiscover these instances, we have introduced a new report in ZIA—our Instance Discovery Report.
Problems Addressed by Application and Visibility Control
Here are some challenges organizations have which can be solved through Instance Discovery:
Data visibility and control: Our Instance Discovery Report ensures all SaaS applications and instances are identified, giving security teams complete visibility into the movement of sensitive data. This also helps organizations pinpoint data being accessed across different regions, especially for compliance with laws like GDPR which mandate data localization.
Access control and risk mitigation: Organizations can create access control policies that give full access to corporate cloud applications for file sharing and collaboration in the enterprise network and block access to non-corporate applications. Through Instance Discovery, we identify the users who are transacting sensitive data to non-corporate instances of cloud applications, which improves the security posture of an organization.
Cost optimization: With large-scale cloud deployments, there’s a risk of resource spill—instances may be running unnecessarily, leading to inflated cloud bills. By discovering all instances of a customer's cloud applications, we can identify unused or underutilized instances, optimize resource allocation, and reduce costs.
Improved incident response and monitoring: In the event of a security breach or incident, identifying which instances were affected is critical for rapid incident response. Without proper instance discovery, responding to a security incident can be delayed or ineffective, as key instances may go unnoticed. Effective instance discovery allows you to quickly assess which instances were compromised and apply appropriate remediation strategies.
Zscaler Instance Discovery Report
Let’s have a look at how the Instance Discovery report can be useful to customers by taking the example of “Google Cloud Platform”.
Resources in Google Cloud Platform are organized hierarchically for simpler management and access control. At the top of the hierarchy is the “Organization”, which branches into “Projects”, and the lowest level of the hierarchy is the “Resources”. The Instance Discovery report provides the list of organizations, projects, and resources accessed by the users in the enterprise network.
The first level of visibility we provide is the total discovery of organizations, projects, resources, and users accessing these resources.
The next level of information is a trend graph which provides a view on the number of organizations, projects, and resources discovered per day. Customers can use this trend to understand the high-level usage of Google Cloud Platform.
We have also provided individual widgets for the top organizations, projects, resources, and users. Each widget can be filtered by “Number of Transactions” and by “Upload/Download Data”. This helps customers understand how much data is being uploaded to non-corporate/personal GCP resources.
Now that we understand the corporate and non-corporate instances of GCP accessed by the users, we can dive into another use case where we determine which projects and resources are being accessed by users from the discovered organizations.
In the above snippet, we have discovered three organizations, ten projects, and ten resources. Customers need visibility into which organizations these ten projects and resources belong to. This information is critical, as it helps customers take control by restricting users to corporate GCP organizations.
In the above snippet, we have an “Analyze More” option which will provide this information:
This provides a drill-down view of Organization -> Projects -> Resources. Customers can find the list of projects that are part of a discovered organization and the resources that are part of each project.
We also provide a “more details” option on each discovered GCP entity, which shows the users accessing the GCP resources. In the below snippet, we are showing the list of users who have accessed an Organization/Project/Resource. Customers can also download a CSV to do offline analysis of the information provided.
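To make the report's data model concrete, here is an added example (not Zscaler's code) that aggregates a handful of constructed transaction records into the Organization -> Projects -> Resources hierarchy described above, produces the first-level totals, the "top organizations" widget ordered by transactions or upload bytes, the per-entity user list behind the "more details" option, and the users uploading to non-corporate organizations. It also applies the rule pair from the Company X example (full access to the corporate instance, read-only elsewhere). The record fields, the organization identifiers such as `corp-org`, and the user names are assumptions made for this illustration; a real deployment would derive them from the proxy's own logs and the instance identifier the administrator configured.

```python
"""Toy instance-discovery aggregation over constructed transaction records.

Added example, not Zscaler code. Field names, organization identifiers and
users below are assumptions for illustration only.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transaction:
    user: str
    organization: str   # GCP organization identifier observed in the request (assumed field)
    project: str
    resource: str
    direction: str      # "upload" or "download"
    size: int           # bytes transferred


# Constructed sample transactions (not real log data).
SAMPLE = [
    Transaction("alice@companyx.example", "corp-org", "billing-prod", "bucket-invoices", "upload", 1_200_000),
    Transaction("alice@companyx.example", "corp-org", "billing-prod", "bucket-invoices", "download", 300_000),
    Transaction("bob@companyx.example", "corp-org", "analytics-dev", "bq-dataset-events", "download", 5_000_000),
    Transaction("bob@companyx.example", "personal-org-7", "side-project", "bucket-misc", "upload", 2_500_000),
    Transaction("carol@companyx.example", "personal-org-7", "side-project", "bucket-misc", "upload", 800_000),
    Transaction("carol@companyx.example", "contractor-org", "shared-proj", "bucket-exports", "upload", 4_000_000),
]

# The sanctioned (corporate) instance, as an administrator would define it. Assumed value.
CORPORATE_ORGS = {"corp-org"}


def _new_stats():
    return {"transactions": 0, "upload_bytes": 0, "download_bytes": 0, "users": set(), "children": {}}


def _record(stats, t):
    stats["transactions"] += 1
    stats["upload_bytes" if t.direction == "upload" else "download_bytes"] += t.size
    stats["users"].add(t.user)


def discover(transactions):
    """Build the Organization -> Project -> Resource tree; every node carries its own stats."""
    tree = {}
    for t in transactions:
        org = tree.setdefault(t.organization, _new_stats())
        _record(org, t)
        proj = org["children"].setdefault(t.project, _new_stats())
        _record(proj, t)
        res = proj["children"].setdefault(t.resource, _new_stats())
        _record(res, t)
    return tree


def totals(tree):
    """First level of the report: how many organizations, projects, resources and users were seen."""
    projects = sum(len(o["children"]) for o in tree.values())
    resources = sum(len(p["children"]) for o in tree.values() for p in o["children"].values())
    users = set().union(*(o["users"] for o in tree.values())) if tree else set()
    return {"organizations": len(tree), "projects": projects, "resources": resources, "users": len(users)}


def top_organizations(tree, key="upload_bytes", n=3):
    """The 'top organizations' widget, filterable by transactions or upload/download bytes."""
    return sorted(((name, s[key]) for name, s in tree.items()), key=lambda kv: (-kv[1], kv[0]))[:n]


def non_corporate_uploaders(transactions, corporate_orgs):
    """Users who uploaded data to any organization outside the sanctioned set."""
    found = defaultdict(set)
    for t in transactions:
        if t.direction == "upload" and t.organization not in corporate_orgs:
            found[t.user].add(t.organization)
    return {user: sorted(orgs) for user, orgs in found.items()}


def decide(t, corporate_orgs):
    """Rule pair from the post: full access to the corporate instance, read-only to other instances."""
    if t.organization in corporate_orgs:
        return "allow"
    return "allow" if t.direction == "download" else "block"


if __name__ == "__main__":
    tree = discover(SAMPLE)
    print("totals:", totals(tree))
    print("top orgs by upload:", top_organizations(tree))
    for org, stats in tree.items():
        print(org, "users:", sorted(stats["users"]))
        for proj, pstats in stats["children"].items():
            print("  ", proj, "->", sorted(pstats["children"]))
    print("non-corporate uploaders:", non_corporate_uploaders(SAMPLE, CORPORATE_ORGS))
    for t in SAMPLE:
        print(t.user, t.direction, t.organization, "=>", decide(t, CORPORATE_ORGS))
```

The tree keeps a user set at every node, which is what the per-entity "more details" view needs, while the flat `non_corporate_uploaders` pass works from the raw transactions so that a user who only downloaded from a personal organization is not reported as uploading to it.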
Instance Discovery is a simple yet powerful way of getting analytics around the visibility aspect of Data Protection. Through this report, customers can make an informed decision to restrict users to specific instances through Zscaler’s Cloud Application Instances and Tenant Restrictions, which improves the overall security posture of an enterprise.