This post was originally published here by Paul Sullivan .
Using shadow IT discovery is a great way to identify data leakage – but how can organizations be certain that it is effective? First-generation cloud access security brokers (CASBs) rely on manually curating lists of cloud apps in order to enable shadow IT discovery. Each app must be individually evaluated so that its level of risk can be identified. It must also be tied to domains and IP addresses so that it can be detected in network or proxy logs. Unfortunately, there are so many apps in existence that it is impossible to gather all of the necessary information manually. However, the Next-Gen CASB is automating this process to keep up with the ever-expanding number of cloud apps.
Automatically classifying apps is tricky business. It can be difficult to separate those that are trustworthy from those that are harmful. With Bitglass, machine learning assesses new apps by searching their webpages for select keywords and information. From there, this data is automatically compared to that of similar cloud apps in order to determine each application’s relative risk.
Another challenge for shadow IT discovery is properly associating web traffic logs with individual apps. If the data for these associations is incomplete, the extent to which specific apps are used can be completely misrepresented. Companies’ web traffic logs typically provide the domains (IP addresses) that employees visit. However, these IPs may map to AWS or content delivery networks that mask the associated apps. Exacerbating this problem further is the fact that multiple apps can share a single domain. For example, Office 365 has many apps on one service. Because of this, shadow IT discovery products need to analyze sub-domains and URL data in order to identify apps and differentiate between sub-apps.
Through machine learning, Bitglass is able to discover and categorize new apps automatically – the database is constantly growing. Our customers don’t have to worry about small or outdated lists that might overlook the apps or sub-apps that their employees are using. Our solution is able to monitor for threats in real time, securing data for the cloud-first enterprise.
