Last week researchers found dozens of companies had inadvertently exposed their sensitive corporate and customer data in their corporate Box accounts, because employees had created public sharing links to files and folders, which makes data easily discoverable.1
Figure 1: Data breach statistics via https://breachlevelindex.com/
Companies choose to make cloud storage services available to their employees to increase productivity by enabling teams to work together efficiently and collaborate with external parties. But data in Box, like other file storage services, is managed by the end users, who are mainly focused on being productive, and don’t always consider the implications of oversharing data.
Consequently, cloud storage locations can quickly become a source of overexposed information, unless IT has visibility into the data that’s being shared, and the relevant management capabilities are in place.
Microsoft Cloud App Security (MCAS) is a Cloud Access Security Broker (CASB) that enables you to protect your sensitive information anywhere in the cloud.
In this post we walk you through how it helps you understand your current exposure of information in existing cloud storage locations like Box, and how to continuously control information sharing in these environments to ensure IT oversight.
Gaining visibility into your Box environment
CASBs connect to cloud services, like Box, to provide an additional layer of protection, so that even if there is a user or configuration mistake, important corporate data is protected. Microsoft Cloud App Security provides you with comprehensive auditing and controls over your files in Box and gives you full visibility into all the actions performed by both users and admins. These include actions related to file uploads, edits or sharing, and administrative changes made to the overall environment.
After you connect Microsoft Cloud App Security to Box, MCAS automatically scans all existing files. Once the scan is complete, you can use the file overview and powerful data management reports, which give you full visibility into all files stored in Box and let you understand access levels, owners, and collaborators.
Figure 2: Data Management report – data sharing overview
Ensuring your data is protected
The powerful filtering capabilities allow you to identify overexposed files in your organization. Once you understand your data exposure, you can dive even deeper, identify whether any of these files contain sensitive or regulated data, and take corrective action. To automate this, you can also configure file policies that scan for publicly accessible files, inspect their content, and then automatically apply governance actions such as labeling, changing sharing permissions, and placing a file in quarantine.
Figure 3: File overview, filtering options and automatic governance actions that were applied
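The file-policy logic described above (find publicly accessible files, inspect their content, pick a governance action), sketched as an added example that is not from the original post and is not MCAS code. The record fields, the `open` access value, the card-number check and the action names are assumptions chosen for illustration.

```python
import re

# Constructed inventory records (hypothetical schema, not the MCAS or Box format).
SAMPLE_FILES = [
    {"name": "q3-roadmap.pptx", "link_access": "company", "text": "Roadmap draft"},
    {"name": "refunds.csv", "link_access": "open",
     "text": "cust 1182, card 4111 1111 1111 1111, refund 40.00"},
    {"name": "brochure.pdf", "link_access": "open",
     "text": "Call 1234 5678 9012 3456 today"},
    {"name": "payroll.xlsx", "link_access": None,
     "text": "card 5500-0000-0000-0004"},
]

# 13 to 19 digits, optionally separated by single spaces or hyphens.
CARD_CANDIDATE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits):
    """Luhn checksum: filters out digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_card_number(text):
    """Content inspection: True if any candidate passes the Luhn check."""
    for match in CARD_CANDIDATE.finditer(text):
        if luhn_valid(re.sub(r"[ -]", "", match.group())):
            return True
    return False


def governance_action(record):
    """Policy scope is publicly accessible files only, as in the post."""
    if record["link_access"] != "open":
        return "none"
    if contains_card_number(record["text"]):
        return "restrict_sharing_and_quarantine"   # hypothetical action name
    return "report_public_link"                    # hypothetical action name


def apply_policy(records):
    return {r["name"]: governance_action(r) for r in records}


if __name__ == "__main__":
    for name, action in apply_policy(SAMPLE_FILES).items():
        print(f"{name}: {action}")
```

Note that `payroll.xlsx` holds a valid test card number but gets no action because it has no public link; a separate policy would be needed to cover sensitive files that are shared less broadly.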
Continuous monitoring of suspicious behavior
Whether for forensics or proactive detection of suspicious user activity, Microsoft Cloud App Security also provides a built-in behavioral analytics (UEBA) and machine learning (ML) engine, as well as out-of-the-box anomaly detection policies that detect numerous behavioral anomalies indicating compromised accounts and insider threats. Once a suspicious activity is detected, MCAS will automatically alert you and automate remediation actions.
Figure 4: Suspicious user behavior alerts
The latest breach was focused on data that users shared without limiting the sharing to a specific person or group of people, instead allowing anyone with the link to access the data. By using MCAS, these organizations could have easily prevented any data from leaking from their Box environments by putting policies in place to look at publicly accessible files and automatically prevent sensitive content from being shared so widely.
Protect your Box environment today. Start using Microsoft Cloud App Security, understand your current exposure and start putting the right controls in place to ensure your company name does not end up on the next list of leaks.