CloudLock Series: Part 3 – Permissions Contained

Meet Steve. Steve is a traveler. Steve travels so much that his IT friends can never keep track of where he’s off to next.

Steve’s IT friends can monitor the velocity of Steve and prevent Steve’s GSuite account from logging in from geographically disparate locations at the same time; sounds great!
And wouldn’t you know, those unscrupulous attackers only breach one platform at a time. So helpful.


In this 3-part series, we’ll discover you’re not actually seeing the whole picture monitoring individual cloud-delivered applications and how to fix it. More after the jump.

Can Steve’s IT friends monitor if Steve logged into O365 in Florida and downloaded a file from Box in California? Moreover, can they even see if he logged into Webex Teams in Wisconsin and logged into Salesforce in Indiana?

We all know you can, sadly, only be in one place at a time. We all know many of our cloud-delivered applications can monitor logins for unusual travel patterns and velocity of users. But how do we tie these activities together across platforms to get a whole picture of what your user accounts are up to on the wild internet?

Cisco Cloudlock, a ‘Cloud Access Security Broker’ – or CASB for short, secures your cloud users, their data, and apps all from one cloud-delivered tool.

In this part, we’ll focus on ‘Event Analysis’. Cloudlock connects with each of your cloud-delivered applications: Office 365, GSuite, Salesforce, Slack, Cisco Webex Teams, Box, Dropbox, ServiceNow, Okta, Amazon Web Services (AWS) and Onelogin. In doing so, Cloudlock tracks each activity a user makes – things like logins, account changes, and file manipulation – all through existing platform API’s.

Cisco Cloudlock automatically creates a dashboard to show unusual account activity using various indicators of compromise.

From here administrators can build policies to monitor unusual activities that fit their companies travel patterns. Administrators can also add a curated list of suspect IP addresses from Cisco’s CyberLab and suspicious IP library to their policies and take action based on policy violation. Users never travel to Indonesia? Add it to the blacklist countries. A policy is violated? Notify administrators and remove access to their files until the issue is resolved. Additionally, add velocity checking to ensure events aren’t occurring at localities your users couldn’t possibly have traveled to based on speed of travel.

With Cloudlock you’ll even keep Steve secured and get the whole picture across all your cloud-delivered applications.

At Greyson Technologies we’re invested in our customers’ success. Reach out today for an engineer led Cisco Cloudlock demo in your own environment, let’s discover and be surprised together the kind account activities your users have.


Greyson Technologies, Mike Prosser, Senior Collaboration EngineerMike is a Senior Collaboration Engineer based out of Orlando, FL. He has a CCNP in Collaboration and is an Express Collaboration Field Engineer Representative, Advanced Video System Engineer Representative, and a Cisco IP Contact Center Express Representative. Mike loves Cisco Spark and is a self-proclaimed baking expert (but really, he just knows how to make cookies).