Use of Cloud App Security in the software whitelisting process
QWhen we are assessing a new Cloud Service, would it be possible to use the data which Microsoft have as in Cloud App Security as input?
A The software inventory is a core part of the Cloud App Security suite, so to use the information requires a license from Microsoft.
Why this question?
As Cloud App Security claims to “Identify more than 15,000 apps and assess risk based on 60 different parameters, including regulatory compliance. “ this could be a good source for supporting:
CIS Control 2: Inventory of Authorized & Unauthorized Software
The purpose of this CIS Control is to ensure that only authorized software is allowed to run on an organization’s systems. While an inventory of software is important, application whitelisting is a crucial part of this process, as it limits the ability to run applications to only those which are explicitly approved.
While not a silver bullet for defense, this CIS Control is often considered one of the most effective at preventing and detecting cyberattacks. Implementing CIS Control 2 often requires organizations to reconsider their policies and culture — no longer will users be able to install software whenever and wherever they like. But this CIS Control, already successfully implemented by numerous organizations, will likely provide immediate returns to an organization attempting to prevent and detect cyber attacks.
