Our objective is to deliver the Shadow IT Assessment, including:

• Good security principals that cover people, process, and technology solutions
• Improve the security posture when it comes to usage of cloud applications and services
• The assessment is based on the discovery of usage of cloud applications and services

IT Partner responsibilities #

• Gain an understanding of customer's cloud security objectives and requirements towards cloud usage and verify them against real usage of cloud applications and services
• Provide guidance, recommendations, and best practices on how to successfully use Microsoft Cloud App Security (CAS) to mitigate security threats that are associated with usage of cloud application and services
• Provide a prioritized and actionable road map for the customer containing proposed actions based on user impact and implementation cost
• Map Microsoft CAS capabilities and partner services to assessment findings, taking into account customer's security objectives and requirements

Client responsibilities #

• Information: This includes accurate, timely (within three business days or as mutually agreed upon), and complete information
• Access to people: This includes access to knowledgeable customer personnel, including business user representatives, and access to funding if additional budget is needed to deliver project scope Access to knowledgeable personnel who manage the firewalls, can provide credentials for log extraction, and can alter firewall rules if necessary
• Access to systems: This includes access to all necessary customer work locations, networks, systems, and applications (remote and on-site)
• A work environment: This consists of suitable work spaces, including desks, chairs, and Internet access.

Prerequisites #

• Microsoft 365 tenant and Microsoft Cloud App Security service, either customer production Microsoft 365 tenant with CAS (through E5 license) or trial Microsoft 365 tenant and CAS trial (for up to 30 days)
• Access to logs from customer firewalls or proxies
• Infrastructure to host Log Collector (if applicable) More info

Plan #

The Shadow IT Assessment typically consists of an up to two-hour remote kickoff meeting, followed by on-site assessment workshops split into three days (Day 1, 2, and 3) over up to four consecutive weeks, preceded by preparations and followed by clean-up activities.

Week One -- Kickoff

• Introduction to the engagement: objectives, flow, responsibilities, and governance
• Provide and explain preassessment questionnaire to the customer
• Make key decisions on resources and tools that will be used in the engagement

Week Two -- Day 1

Day 1 -- Education & Setup, whole-day on-site workshop

• Review of questionnaire in order to get mutual understanding, especially over customer's cloud usage and associated security objectives and requirements
• Provide education and readiness on Microsoft Cloud App Security
• Technical setup of tools (tenant setup, log upload, Log Collector).

Week Three or Four -- Day 2

Day 2 -- Exploration & Discovery, whole-day on-site workshop

• Review the CAS report(s) with the customer
• Exploration of specific use cases of cloud usage in the portal
• Creation of final report from engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services)
• Creation of Cloud Usage Visibility and Control road map

Week Three or Four -- Day 3

Day 3 -- Review & Road map, half-day on-site (or remotely delivered) workshop

• Presentation and discussion of the final report from the engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services)
• Review of Cloud Usage Visibility and Control road map

Week Three or Four -- Day 3

• Removing uploaded logs
• Decommissioning of Log Collector
• Closing Microsoft 365 and CAS trials (if needed)

[Please note.]{.mark} There's a specific need for extra time to be inserted:

• between Kickoff and Day 1 -- at least one (1) week -- time necessary for customer to prepare and fill in the questionnaire, as well as time for IT Partner to prepare some engagement tools (trial Microsoft 365 tenant and trial CAS)
• between Day 1 and Day 2:
  • at least 2 -- 3 days if using the manual method of uploading logs to CAS -- this time is needed for CAS to parse and analyze logs
  • at least two (2) (ideally three) weeks if logs are uploaded to CAS automatically via the Log Collector -- this time is needed to collect, parse, and analyze a reasonable amount of logs
• between Day 2 and Day 3 -- these days can potentially be adjacent, but for more sophisticated customers, it is advisable to insert a day or two to allow the partner delivery resource to work on preparation of engagement deliverables

Example Schedule #

Day One

[Workshop]{lang="EN-GB"}

Description

Outcome

Customer attendees

[Time]{lang="DE-AT"}

On-site Engagement Overview

[Provides an overview of the on-site agenda and goals as well as an opportunity to cover Q&A and project governance.]{lang="DE-AT"}

[Agreed plan and schedule for the on-site assessment.]{lang="DE-AT"}

All project team

[60 minutes]{lang="DE-AT"}

[Review Questionnaire]{lang="DE-AT"}

[Review the completed questionnaire.]{lang="DE-AT"}

Prioritized list of security requirements

All project team

[60 minutes]{lang="DE-AT"}

Introduction to Cloud App Security

[Overview ]{lang="DE-AT"}of Microsoft CAS [outlining Microsoft's approach to ]{lang="DE-AT"}getting visibility and control over cloud usage[.]{lang="DE-AT"}

Sets the stage and provides a high-level overview of Microsoft CAS features

[Security Architect]{lang="DE-AT"}s

[Security Engineers]{lang="DE-AT"}

Network [Engineers]{lang="DE-AT"} (if applicable)

[M365 Tenant Admin ]{lang="PL"}

[60 minutes]{lang="DE-AT"}

[Lunch]{lang="DE-AT"}

[60 minutes]{lang="DE-AT"}

Demonstrate Cloud App Security visibility and control over cloud usage

Get a better understanding of [Microsoft's approach to ]{lang="DE-AT"}getting visibility and control over cloud usage[.]{lang="DE-AT"}

Deep dive into selected Microsoft CAS features (especially "Discovery")

[Security Architect]{lang="DE-AT"}s

[Security Engineers]{lang="DE-AT"}

Network [Engineers]{lang="DE-AT"} (if applicable)
M365 Tenant Admin

[60 minutes]{lang="DE-AT"}

[Technical ]{lang="DE-AT"}Setup with the customer

Setting up M365 and CAS for Shadow IT discovery

Logs from customer's firewalls/proxies provided to CAS for analysis
[Log Collector deployed, if needed.]{lang="PL"}

[Security Engineers]{lang="DE-AT"}

Network [Engineers]{lang="DE-AT"} (if applicable)

[M365 Tenant Admin ]{lang="PL"}

[180]{lang="PL"}[ minutes]{lang="DE-AT"}

Day Two

[Workshop]{lang="EN-GB"}

Description

Outcome

Customer attendees

[Time]{lang="DE-AT"}

Guided exploration with the customer

Review of the CAS report(s) with the customer
Exploration of specific use cases of cloud usage in the portal

Visibility into cloud usage in customer's environment[.]{lang="DE-AT"}

[Security Architect]{lang="DE-AT"}s

[Security Engineers]{lang="DE-AT"}

M365 Tenant Admin

[180]{lang="PL"}[ minutes]{lang="DE-AT"}

[Lunch]{lang="DE-AT"}

[60 minutes]{lang="DE-AT"}

Create Shadow IT Discovery report

Creation of the final report from the engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services)

[Discovery report]{lang="PL"}.

None

NOTE: Occasional access to M365 Tenant Admin might be necessary.

[180]{lang="PL"}[ minutes]{lang="DE-AT"}

Create Cloud Usage Visibility and Control road map

Creation of prioritized and actionable road map for the customer, containing proposed actions, considering user impact and implementation cost

NOTE: Actions can include user awareness campaigns/training, blocking/control mechanisms, deployment of discovery/control through Microsoft CAS deployment

Cloud Usage Visibility and Control road map[.]{lang="DE-AT"}

[None. ]{lang="PL"}

[60 minutes]{lang="DE-AT"}

Day Three

Workshop

Description

Outcome

Customer attendees

[Time]{lang="DE-AT"}

Review of Shadow IT Discovery report

Presentation and discussion of the final report from the engagement, highlighting discovered cases of Shadow IT (usage of unapproved cloud applications or services).

Mutual understanding of discovery report

All project team

[120]{lang="PL"}[ minutes]{lang="DE-AT"}

Review of Cloud Usage Visibility and Control road map

Presentation and discussion of prioritized and actionable road map for the customer, containing proposed actions, considering user impact and implementation cost

Mutual understanding of Cloud Usage Visibility and Control road map[.]{lang="DE-AT"}

All project team

[3]{lang="PL"}[0 minutes]{lang="DE-AT"}

Project close-out and next steps

Summary [and discussion of next steps.]{lang="DE-AT"}

[Provide an engagement summary and clear steps with tangible outcomes.]{lang="DE-AT"}

All project team

[3]{lang="PL"}[0 minutes]{lang="DE-AT"}

[Lunch]{lang="DE-AT"}

[60 minutes]{lang="DE-AT"}

Project [CleanUp]{lang="PL"}

Removing uploaded logs, decommissioning Log Collector, closing O365 and CAS trials

Customer environment left in clean state

[O365 Tenant Admin]{lang="PL"}

[60 minutes]{lang="DE-AT"}

Results #

• Kickoff presentation (work product), overview of the engagement covering vision and objectives, requirements and next steps
• Pre-assessment questionnaire (work product), a questionnaire containing questions on cloud usage/adoption, security requirements and objectives, regulations and frameworks.
• Shadow IT Discovery Report (deliverable), a document containing a list of discovered possible Shadow IT usage and recommendations for their further investigation
• Cloud Usage Visibility and Control road map, a prioritized, actionable road map for addressing discovered cloud usage, especially its Shadow IT aspect, including mapping capabilities of Cloud App Security in the customer's environment.