What is our primary use case?
The use case is for getting visibility over cloud applications that our users are consuming, how they consume it, and using the protection which comes with Cloud App Security with that visibility. It provides monitoring and visibility into cloud apps that our users are using and has ;a layer of security wrapped around that. It identifies malicious activity, if it's occurring, and provides overall protection of our company data from things like data exfiltration and all the other integrations that it has with other Microsoft security products.
It is protecting approximately 800 users. We have four other sources feeding into it from other products that we use. We have several thousand applications for which we get reports and visibility.
It is one of our core tools for monitoring and managing our security posture. In the future, I don't see that changing much. At this stage, I think we are at a good level of how we are using it.
How has it helped my organization?
It has helped identify areas where we should improve, make changes to improve, the reason why we should make a change, and the impact of making the change. So, it helps drive us to make changes and see the benefits of those changes.
We have become more aware of what services our users are using, how often they are using them, and what data is being sent out of the organization and to which services. So, it is really a lot about visibility and helping us make decisions based on that. It drives some of our policy decisions for adding extra security controls.
It has all been very seamless to our users. It indirectly positively impacts them because we are keeping them more secure. No one has been saying, "Because we are using this product, it is slowing me down or causing me problems." As standard users, they wouldn't really need to know that this solution exists. They just rely on us to keep them safe.
What is most valuable?
- Helps us have a view into our overall security posture and how we can improve it.
- The ability to perform investigations is very useful.
- Identifying the number of applications, particularly connected via OAuth.
- Has great, general overall visibility of who is using what and how.
- We are using it as an indicator for any indicators of compromise that might be coming up.
Identity security posture points out a preset number of security posture improvements, or areas of focus, and whether they are being met. It also points out what changes need to be made in order to meet them. Therefore, we can have better security posture.
There is a feature called security configuration. This is across the whole Microsoft set of products regarding what changes can be done. Specifically within a product, we use it to improve the security posture by making changes.
What needs improvement?
They should continue integration with all other Microsoft security-related products. The integration with all the other products is still ongoing. However, the solution has already begun scaling to meet the needs of getting visibility through from other products as well.
For how long have I used the solution?
What do I think about the stability of the solution?
The stability has been fantastic. I have no complaints at all. It has been 100%.
What do I think about the scalability of the solution?
The scalability is really good. It has improved while I have been using it. It definitely appears to be able to scale easily and well.
How are customer service and technical support?
The technical support is very good. They are responsive, knowledgeable, and skilled. We have great communication with them.
Which solution did I use previously and why did I switch?
This is the only CASB product that I have ever used.
How was the initial setup?
Anecdotally, I believe the initial setup is quite straightforward.
What about the implementation team?
According to the person who originally set up the solution in our organization, but has since left, it was originally straightforward to set up.
My colleague and I share the day-to-day maintenance for one person. It needs only a few hours a day to get a lot out of it.
What was our ROI?
We have seen ROI. Its main capabilities are:
- The protection that it gives.
- The protection for cloud products.
- It helps with the improvement of our overall security posture.
What other advice do I have?
Make full use of all the options available and focus a lot on policies. There are a lot of policies and alerts available which might not be used to their fullest extent.
We are pretty happy with how it all works and fits together.
I would rate this solution as a solid nine (out of 10). The product is constantly improving. It has a low amount of false positives, i.e., true alerts identified as requiring attention.
Which version of this solution are you currently using?