Maricopa County is the largest county in the state of Arizona and the fourth largest in the United States. With over 3.8 million in population and 15,000 employees, Maricopa County’s CIO, David Stevens, wanted to fully understand where their data was going and who had access to it, as granular visibility is essential to maintaining the agency’s security.
“We needed to be able to understand our cloud usage so we could reduce our risk, educate our users, and provide them with a safer mode to do business,” says Stevens. “We knew a CASB would give us the actionable data we needed.”
Reducing Risk through User Education and Threat Detection
“We had customers who were using cloud services for legitimate business needs,” says Stevens. “Now, we have better visibility to redirect them to safer services – those that are not associated with malware or don’t have high risk attributes. As a result, we have reduced our risk exposure.”
In addition to understanding the types of services being used, it was important for Stevens and his team to fully understand the risk associated with each service, and restrict access to providers that were considered high-risk, or known to be associated with malware.
“We were reliant on our proxy servers to categorize and block anything that was considered to be malicious based on a set threat tolerance,” says Stevens. “We found that the Skyhigh model provides us more insight into what the threats actually are, and supplements our threat intelligence by providing specific data about what people are accessing, allowing us to mitigate the risk of malicious actors.”
After deploying Skyhigh, Stevens was surprised to discover that there were over 500 different cloud services in use at Maricopa County.
“I didn’t realize there were so many different cloud services,” he says. “I knew we would see some of the big ones, but without the visibility Skyhigh provides us, I would have never known about the rest.”
With insight into cloud usage at Maricopa County, Stevens is now able to enforce effective risk-based governance policies by blocking high-risk services more thoroughly than through proxy servers alone, uncover gaps caused by inconsistent configurations for new cloud service URLs, and set alerts for suspicious activity that may be caused by an insider threat or a compromised account.
According to Stevens, his team has come across a handful of anomalous behaviors, which have triggered security alerts. Fortunately, the activity turned out to be non-malicious in nature, but he has used the alerts as an opportunity to close security gaps and enforce consistent policies across their existing infrastructure.
Enabling Cloud to Close the IT Services Gap
Over the past few years, the team at Maricopa County has been reviewing and quantifying cloud usage across the agency to understand how to best enable their customers.
“Skyhigh provides insight into the IT service gap,” says Stevens. “This enables us to find trends and patterns so we can provide better services to our customers, and make the better choices for our long-term strategic planning and investments.”
With a large and sophisticated existing infrastructure, it was important to the team that new technologies were able to integrate without any added friction. “We have been able to seamlessly integrate Skyhigh with our single sign-on provider, our Active Directory, and proxy, giving our existing platforms a higher level of cloud intelligence,” says Stevens.
This level of integration has allowed Stevens and his team to apply new categories and tagging capabilities to their dashboard, enabling them to apply customized cloud governance policies and access controls for different business units within the agency.
“The additional visibility we have received into the types of services being used, and where our data is going has further supported the adoption of cloud technologies,” he says.
The customized controls allow for further evaluation of the IT services gap. “As a result of the data and learning we are doing, we have the actionable information we need to proactively propose new solutions and help close the services gap as we move forward on our cloud journey,” says Stevens.