Introducing Safetica CASB for data protection in Microsoft 365

We are introducing a new technology for protecting data in cloud environments. With Safetica CASB you can protect your valuable data in Microsoft 365, get more details from email audit, and prepare for further integrations in the future.

What is a Cloud Access Security Broker (CASB)?

CASB (Cloud Access Security Broker) is a type of security solution that helps organizations protect their data in cloud environments. CASB allows organizations to extend their security policies and procedures to the cloud and ensure that cloud-based data are accessed and shared securely.

Safetica CASB - present and future

With the release of version 10.4, we are bringing you Safetica CASB as a new solution for protecting data in cloud environments. Right now, Safetica CASB supports protection of data in Microsoft 365, with several improvements over our current Office 365 protection. It enhances email audit with detection of data classification and adds information about email sizes and attachment sizes. In the future, Safetica CASB will offer integration with several other cloud environments.

How does Safetica CASB work?

Safetica CASB uses an API-based deployment model. It connects to the target cloud application or cloud service provider (e.g. Microsoft Exchange Online) through its APIs to monitor and control data accessed from managed and unmanaged devices. As a result, we can offer a high level of visibility into user activity in the monitored application, whether it comes from company devices, personal (BYOD) devices, or even mobile phones, as long as a company Microsoft 365 account was used to perform the action.

Safetica CASB integration with Microsoft Exchange Online

When you activate email protection using CASB, you gain comprehensive visibility into each email sent by your Microsoft 365 users. This also includes emails sent without any attachment.

One precondition for correct operation of this service is to create a mail flow rule in your Exchange Online. Based on this rule, Safetica is able to get a copy of each sent email in order to extract the necessary metadata and create an audit (or DLP) log. Because Safetica is added as a hidden recipient in Exchange Online, it is never visible to the email sender.

  1. An email request is sent from the email sender to Exchange Online.
  2. The email is sent to its intended destination by Exchange Online.
  3. Exchange Online adds an internal Safetica address as a hidden copy (BCC). Safetica analyzes the necessary data (sender, recipient(s), timestamp, email body size, attachment size). After the email is processed by CASB, it is immediately deleted from our queue, including all attachments.
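
A mail flow rule that copies every sent message to a hidden recipient is worth verifying after setup. The following PowerShell is an added example, not Safetica's own code: it checks rule objects, as returned by `Get-TransportRule`, for BCC actions and flags any recipient other than the expected one. The intake address and the rule names in the sample are constructed placeholders.

```powershell
# Added example: audit mail flow rules that add hidden (BCC) recipients.
function Get-BccRuleFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        # Placeholder: the internal address from your own Safetica setup.
        [Parameter(Mandatory)] [string[]] $ExpectedBcc
    )
    begin {
        $expected = @($ExpectedBcc | ForEach-Object { $_.ToLowerInvariant() })
        $seenOk = $false
    }
    process {
        # Normalise the BCC list; rules without a BCC action are skipped.
        $bcc = @($Rule.BlindCopyTo | Where-Object { $_ } |
                 ForEach-Object { "$_".ToLowerInvariant() })
        if ($bcc.Count -eq 0) { return }

        $unexpected = @($bcc | Where-Object { $_ -notin $expected })
        if ($unexpected.Count -gt 0) { $status = 'UnexpectedRecipient' }
        elseif ("$($Rule.State)" -ne 'Enabled') { $status = 'ExpectedButDisabled' }
        else { $status = 'OK'; $seenOk = $true }

        [pscustomobject]@{
            Name        = $Rule.Name
            State       = "$($Rule.State)"
            BlindCopyTo = $bcc -join ';'
            Status      = $status
        }
    }
    end {
        # Without an enabled rule, no copy of sent mail reaches the CASB.
        if (-not $seenOk) {
            Write-Warning 'No enabled rule copies mail to the expected address.'
        }
    }
}

# Constructed sample objects with the same property names as Get-TransportRule output.
$sampleRules = @(
    [pscustomobject]@{ Name = 'CASB copy (sample)'; State = 'Enabled'; BlindCopyTo = @('casb-intake@example.invalid') }
    [pscustomobject]@{ Name = 'Disclaimer (sample)'; State = 'Enabled'; BlindCopyTo = $null }
    [pscustomobject]@{ Name = 'Old archive (sample)'; State = 'Enabled'; BlindCopyTo = @('mailbox@external.example') }
)
$sampleRules | Get-BccRuleFinding -ExpectedBcc 'casb-intake@example.invalid' | Format-Table -AutoSize

# Against a live tenant, from an Exchange Online PowerShell session:
#   Get-TransportRule | Get-BccRuleFinding -ExpectedBcc '<address from your Safetica setup>'
```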

💡 Note: You can find the step-by-step instructions for enabling email data protection in this article

Considerations

There are a few limitations of Safetica CASB protection in Microsoft Exchange Online compared to current O365 protection. These should be addressed in future versions of Safetica. The differences are:

• It only supports Exchange Online (not Exchange On-Premise).
• It audits only sent emails.
• It supports only logging policy modes. If you have the notification or blocking mode set up, Safetica will only log the email. The User override and Shadow copy features have the same limitation.
• It supports only general policies and data policies based on metadata and 3rd party classification.
• To enable the integration for another Safetica instance, you need to disable the previous one first. For testing separate Safetica instances, we recommend using different Office 365 tenants. You can also disable your current Safetica instance, and then enable the integration on another one.
• If the admin adds a Distribution group from Exchange into a Safetica Zone, we evaluate only this specific address, not the addresses of individual users from that group. To set the zone for the whole group, the admin must add all of its users to the zone.

⚠️ Caution: At this moment it is not possible to audit received emails when switching to the Microsoft 365 CASB technology. We are working on enabling this capability in the near future.

Safetica CASB integration with Microsoft SharePoint Online

Safetica CASB is integrated with Microsoft SharePoint Online from version 10.3.159. This integration currently covers only the audit of selected file activity, but we are planning to extend it to include sharing control as well. With sharing control, you will be able to change sharing access and ownership of files to protect them from possible data leaks.

💡 Note: SharePoint Online integration also includes monitoring of file activity in Microsoft OneDrive for Business and Microsoft Teams, because both of these apps use SharePoint Online as the underlying storage platform.