Software-as-a-Service adoption accelerated rapidly during the pandemic as organizations turned to the cloud to give at-home employees access to key business applications. Microsoft 365 experienced particularly strong growth, adding nearly 4 million new users each month to become the world’s most popular cloud service.
While M365 delivers proven productivity benefits, it can also create unexpected security and performance challenges. Conventional methods of securing Internet traffic can seriously degrade application performance, which frustrates users and inhibits efficiency.
For years, organizations with distributed workforces either backhauled Internet traffic to a data center or routed it through a cloud proxy for deep inspection. Although these processes add to application latency, the delay was usually manageable for limited amounts of traffic. That’s all changed, however.
SaaS Traffic Jams
With dozens or even hundreds of employees remotely accessing productivity apps from many different locations — often simultaneously — M365 generates enormous volumes of traffic. What’s more, these connections usually involve much longer session times than a typical two-minute web search. According to one study, more than 60 percent of organizations that have migrated to M365 have encountered performance issues due to latency and bandwidth limitations.
Some organizations choose to skip the backhaul and inspection process, instead allowing remote employees to make direct Internet connections to the apps. They assume that the cloud provider’s security measures will provide all the protection they need. However, that’s a fundamental misunderstanding of the cloud security model.
All cloud providers operate under a shared responsibility framework in which users and the provider are responsible for different aspects of security. Generally speaking, providers are responsible for securing their cloud infrastructure, but customers must secure their data and endpoints. Most make it clear in their contracts that customers are responsible for identity and access management, data protection and other security controls.
It is an important distinction, particularly with cybercriminals looking to exploit the increase in remote work during the COVID-19 pandemic. According to one study, remote attacks on cloud services increased by 630 percent during the first four months of 2020. Microsoft officials say there are more than 300 million fraudulent sign-in attempts to M365 services every day.
Cisco is addressing the security challenges of SaaS usage with Umbrella, a secure Internet gateway (SIG) that eliminates the need for backhauling or cloud proxies. Umbrella combines multiple security functions into one solution, making it easier to extend protection to devices and users in distributed locations.
Umbrella provides a first line of defense with DNS-layer security. When a user clicks a link or types a web address, it triggers a DNS request to resolve the requested domain to an IP address. Umbrella checks the domain or IP address to determine if it’s associated with malicious activity. If so, users are routed to a block page instead. Umbrella also prevents malware from connecting to the attacker’s command-and-control servers.
Umbrella also reduces the inspection overhead by using a selective proxy mechanism that only routes risky domain requests for deeper inspection rather than proxying all traffic. Umbrella classifies all domains into three categories — good, bad and grey — based on the domain’s reputation score from the Cisco Talos Reputation Center. Good domains are connected, bad are blocked and grey are routed for inspection.
Umbrella is a platform that grows as your needs expand. Umbrella can be deployed as a SIG or play a critical role in achieving a Secure Access Service Edge (SASE).
If a migration to M365 is in your plans for 2021, give Cerium a call. With more and more cyberattacks targeting SaaS services, organizations must take steps to protect their cloud-based resources. We can show you how to use Cisco Umbrella to secure your M365 environment without impacting application performance.