Our objective is to deliver the Shadow IT Assessment, including:
- Good security principles that cover people, process, and technology solutions
- Improve the security posture when it comes to usage of cloud applications and services
- The assessment is based on the discovery of usage of cloud applications and services
IT Partner responsibilities
- Gain an understanding of customer's cloud security objectives and requirements towards cloud usage and verify them against real usage of cloud applications and services
- Provide guidance, recommendations, and best practices on how to successfully use Microsoft Cloud App Security (CAS) to mitigate security threats that are associated with usage of cloud applications and services
- Provide a prioritized and actionable road map for the customer containing proposed actions based on user impact and implementation cost
- Map Microsoft CAS capabilities and partner services to assessment findings, taking into account customer's security objectives and requirements
Client responsibilities
- Information: This includes accurate, timely (within three business days or as mutually agreed upon), and complete information
- Access to people: This includes access to knowledgeable customer personnel, including business user representatives, and access to funding if additional budget is needed to deliver project scope. It also includes access to knowledgeable personnel who manage the firewalls, can provide credentials for log extraction, and can alter firewall rules if necessary
- Access to systems: This includes access to all necessary customer work locations, networks, systems, and applications (remote and on-site)
- A work environment: This consists of suitable work spaces, including desks, chairs, and Internet access.
Prerequisites
- Microsoft 365 tenant and Microsoft Cloud App Security service, either customer production Microsoft 365 tenant with CAS (through E5 license) or trial Microsoft 365 tenant and CAS trial (for up to 30 days)
- Access to logs from customer firewalls or proxies
- Infrastructure to host Log Collector (if applicable)
Plan
The Shadow IT Assessment typically consists of an up to two-hour remote kickoff meeting, followed by on-site assessment workshops split into three days (Day 1, 2, and 3) over up to four consecutive weeks, preceded by preparations and followed by clean-up activities.
Week One -- Kickoff
- Introduction to the engagement: objectives, flow, responsibilities, and governance
- Provide and explain preassessment questionnaire to the customer
- Make key decisions on resources and tools that will be used in the engagement
Week Two -- Day 1
Day 1 -- Education & Setup, whole-day on-site workshop
- Review of questionnaire in order to get mutual understanding, especially over customer's cloud usage and associated security objectives and requirements
- Provide education and readiness on Microsoft Cloud App Security
- Technical setup of tools (tenant setup, log upload, Log Collector).
Week Three or Four -- Day 2
Day 2 -- Exploration & Discovery, whole-day on-site workshop
- Review the CAS report(s) with the customer
- Exploration of specific use cases of cloud usage in the portal
- Creation of final report from engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services)
- Creation of Cloud Usage Visibility and Control road map
Week Three or Four -- Day 3
Day 3 -- Review & Road map, half-day on-site (or remotely delivered) workshop
- Presentation and discussion of the final report from the engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services)
- Review of Cloud Usage Visibility and Control road map
Week Three or Four -- Day 3
- Removing uploaded logs
- Decommissioning of Log Collector
- Closing Microsoft 365 and CAS trials (if needed)
Please note. There's a specific need for extra time to be inserted:
- between Kickoff and Day 1 -- at least one (1) week -- time necessary for customer to prepare and fill in the questionnaire, as well as time for IT Partner to prepare some engagement tools (trial Microsoft 365 tenant and trial CAS)
- between Day 1 and Day 2:
  - at least 2-3 days if using the manual method of uploading logs to CAS -- this time is needed for CAS to parse and analyze logs
  - at least two (2) (ideally three) weeks if logs are uploaded to CAS automatically via the Log Collector -- this time is needed to collect, parse, and analyze a reasonable amount of logs
- between Day 2 and Day 3 -- these days can potentially be adjacent, but for more sophisticated customers, it is advisable to insert a day or two to allow the partner delivery resource to work on preparation of engagement deliverables
Example Schedule
Day One

| Workshop | Description | Outcome | Customer attendees | Time |
|---|---|---|---|---|
| On-site Engagement Overview | Provides an overview of the on-site agenda and goals as well as an opportunity to cover Q&A and project governance. | Agreed plan and schedule for the on-site assessment. | All project team | 60 minutes |
| Review Questionnaire | Review the completed questionnaire. | Prioritized list of security requirements | All project team | 60 minutes |
| Introduction to Cloud App Security | Overview of Microsoft CAS outlining Microsoft's approach to getting visibility and control over cloud usage. | Sets the stage and provides a high-level overview of Microsoft CAS features | Security Architects, Security Engineers, Network Engineers (if applicable), M365 Tenant Admin | 60 minutes |
| Lunch | | | | 60 minutes |
| Demonstrate Cloud App Security visibility and control over cloud usage | Get a better understanding of Microsoft's approach to getting visibility and control over cloud usage. | Deep dive into selected Microsoft CAS features (especially "Discovery") | Security Architects, Security Engineers, Network Engineers (if applicable), M365 Tenant Admin | 60 minutes |
| Technical Setup with the customer | Setting up M365 and CAS for Shadow IT discovery | Logs from customer's firewalls/proxies provided to CAS for analysis. Log Collector deployed, if needed. | Security Engineers, Network Engineers (if applicable), M365 Tenant Admin | 180 minutes |
Day Two

| Workshop | Description | Outcome | Customer attendees | Time |
|---|---|---|---|---|
| Guided exploration with the customer | Review of the CAS report(s) with the customer; exploration of specific use cases of cloud usage in the portal | Visibility into cloud usage in customer's environment. | Security Architects, Security Engineers, M365 Tenant Admin | 180 minutes |
| Lunch | | | | 60 minutes |
| Create Shadow IT Discovery report | Creation of the final report from the engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services) | Discovery report. | None. NOTE: Occasional access to M365 Tenant Admin might be necessary. | 180 minutes |
| Create Cloud Usage Visibility and Control road map | Creation of prioritized and actionable road map for the customer, containing proposed actions, considering user impact and implementation cost. NOTE: Actions can include user awareness campaigns/training, blocking/control mechanisms, deployment of discovery/control through Microsoft CAS deployment | Cloud Usage Visibility and Control road map. | None. | 60 minutes |
Day Three

| Workshop | Description | Outcome | Customer attendees | Time |
|---|---|---|---|---|
| Review of Shadow IT Discovery report | Presentation and discussion of the final report from the engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services). | Mutual understanding of discovery report | All project team | 120 minutes |
| Review of Cloud Usage Visibility and Control road map | Presentation and discussion of prioritized and actionable road map for the customer, containing proposed actions, considering user impact and implementation cost | Mutual understanding of Cloud Usage Visibility and Control road map. | All project team | 30 minutes |
| Project close-out and next steps | Summary and discussion of next steps. | Provide an engagement summary and clear steps with tangible outcomes. | All project team | 30 minutes |
| Lunch | | | | 60 minutes |
| Project CleanUp | Removing uploaded logs, decommissioning Log Collector, closing O365 and CAS trials | Customer environment left in clean state | O365 Tenant Admin | 60 minutes |

Results
- Kickoff presentation (work product), overview of the engagement covering vision and objectives, requirements and next steps
- Pre-assessment questionnaire (work product), a questionnaire containing questions on cloud usage/adoption, security requirements and objectives, regulations and frameworks.
- Shadow IT Discovery Report (deliverable), a document containing a list of discovered possible Shadow IT usage and recommendations for their further investigation
- Cloud Usage Visibility and Control road map, a prioritized, actionable road map for addressing discovered cloud usage, especially its Shadow IT aspect, including mapping capabilities of Cloud App Security in the customer's environment.
Related services
Shadow IT Assessment Workshop (Remote)
Shadow IT is a term that refers to applications and infrastructure that are managed and utilized without the knowledge of the enterprise's IT department. The Shadow IT Assessment is a structured engagement helping customers discover Shadow IT. The assessment uses Microsoft Cloud App Security to evaluate usage of cloud applications and services from within an organization's network.
Rapid Cyberattack Assessment Workshop (Remote)
This workshop is an opportunity to receive deeper visibility on potential vulnerability to rapid cyberattacks. You may have already been a victim of an attack; maybe you are unsure about your status of defensive measures, or would like to obtain a risk assessment related to rapid cyberattacks.