SlideShare a Scribd company logo

EveryCloud 5-steps-cloud-confidence

Paul Richards, profile picture
Paul Richards

The document discusses the five steps that organizations can take to gain confidence in their use of cloud applications and services: 1. Find all cloud apps in use, both sanctioned and unsanctioned, and understand the risks they pose. 2. Analyze how the apps are being used by understanding user behavior and activity. 3. Use analytics to monitor app usage, detect anomalies, and conduct forensic investigations when issues arise. 4. Implement data loss prevention policies and profiles to identify and prevent sensitive data from leaving the organization's control. 5. Enforce security and compliance policies in real-time for any cloud app through granular policy controls. Taking these five steps would allow

1 of 12
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
THE 5 STEPS TO CLOUD CONFIDENCE ®
WHITE PAPER 2 CLOUD APPS LET PEOPLE GO FAST Organizations are adopting cloud apps in a big way. Today accounting for 23 percent of IT spend, cloud computing has accelerated because it allows people to get their jobs done more quickly, easily, and flexibly than traditional computing tools. Cloud apps—the most visible and adopted segment of cloud computing—have proliferated in enterprises and have now reached a tipping point. Forrester predicts the SaaS market to total $93 billion in 2016. Netskope™ counts thousands of cloud apps being used in enterprises today. Cloud apps are increasingly common in nearly every kind of enterprise. Sometimes this is because they are cheaper to buy and operate. Other times it’s because people want to be nimble, deploying an app faster and taking advantage of the latest product features sooner than they would with on-premises software. And other times it’s because people don’t want to coordinate across the many gatekeepers—operations, hardware, networking, and security—required to make a software roll-out successful. Cloud apps have reached a level of maturity and feature richness that they are now mainstream. In fact, they are reaching a tipping point in organizations. IDC expects nearly a third of companies to source greater than half of their IT spend from the public cloud in 2016. AN OPPORTUNITY FOR IT AND THE BUSINESS While IT has ownership or responsibility for some cloud apps, people are now more than ever empowered to go outside of IT and deploy their own apps. This means they are procuring, paying for, managing, and using these apps without IT’s involvement. This is a good thing for the business because it lets users get their jobs done more efficiently. But it also means that there is no way for IT to consistently manage and secure all of the cloud apps running across the organization, whether “shadow IT” or sanctioned, or to enforce security or compliance controls. Beyond “shadow IT,” IT is often responsible for some portion of cloud app enablement. In some cases, deployment of a cloud app is a net-new project for the organization. In others, it’s a migration from a traditional application. Whether shadow or sanctioned, cloud app usage is growing and C-suites, boards of directors, and audit committees around the world are beginning to ask whether the cloud technologies in their environment are safe, compliant with business policies, perform according to vendor service-level agreements, are cost-effective, and are optimized for business usage. When IT can confidently answer these questions and assuage these concerns, it can sanction cloud apps and deliver them optimally. IT can shine a light on “shadow IT”, educate and inform cloud app stakeholders of the risks and opportunities, and safely bring cloud apps on board. The time is now for you to get complete visibility into the cloud apps in your organization. Then, together with your security and line-of-business counterparts, you can make decisions and institute granular policies to make those apps safe, compliant, and high performance. SLEDGEHAMMER VS. SCALPEL When confronted with an unknown technology, sometimes organizations are inclined to shut it down. That’s because many of the tools IT has used to detect and remediate rogue technology are binary, so they allow you to say only “yes” or “no.” But what if you could take a more nuanced approach? Instead of taking a sledgehammer to the apps people want to use, what if you could say “yes” to nearly all of their favorite apps, and then, like a surgeon, slice out certain activities to make the usage of those apps acceptable to your organization from a security and compliance standpoint? This approach would put you in the position of partnering with and enabling the business rather than saying “no” in a wholesale way. And for the cloud apps that you have been championing but have had to slow roll because of security and compliance concerns, this approach will let you adopt them quickly. Taking a scalpel instead of a sledgehammer to the problem will pave the way to cloud confidence. The 5 Steps to Cloud Confidence
WHITE PAPER 3 FIVE STEPS TO CLOUD CONFIDENCE What steps must you take to gain cloud confidence? We’ve identified the following five: 1. Find the cloud apps running in your enterprise and understand their risk; 2. Understand how those apps are being used, 3. Use analytics to monitor usage, detect anomalies, and conduct forensics, 4. Identify and prevent the loss of sensitive data, and 5. Enforce your security and compliance policies across any cloud app or app category in real-time. We’ll walk through each of the five steps and provide a short checklist within each step. Let’s set the stage with a use case. Acme’s IT department has not been able to sanction the usage of, or help deploy, cloud apps for its business because it can’t see the apps people are using and what they’re doing in them. As managers of a public company, Acme’s executives must be able to attest, for compliance purposes, that only authorized personnel had contact with key systems and data, and any use or modifications were proper and accurate. With an increasing number of cloud apps coming onto the scene at Acme that contain an increasing amount of critical company data, management is concerned that it can no longer attest to the accuracy of these statements. Find All Cloud Apps and Understand Risk In order to lay the groundwork for cloud confidence, Acme IT must take the first step: find all of the cloud apps that are running in the organization. This includes both apps that are sanctioned by Acme’s IT department and any that are unknown. To get a complete picture, IT should find not only those apps accessed from desktops and laptops within the four walls of the workplace, but also from remote laptops and mobile devices, regardless of whether the apps are browser-based or native, such as a sync client. Once those apps are found, IT should evaluate each of the apps against a set of objective criteria in the areas of security, auditability, and business continuity as well as the app’s risk given its organization’s use of that app. 4 Find all cloud apps, whether sanctioned or “shadow IT” 4 Include cloud apps that are running on-premises, remote, or on PCs or mobile devices 4 Score apps on enterprise-readiness, as measured by security, auditability, and business continuity 4 Evaluate those apps’ risk based on your organization’s usage of them 4 Make risk-based decisions about whether to standardize on, and migrate users to, certain apps Understand Cloud App Context and Usage After finding all of the cloud apps that are running in the organization, Acme IT should be able to drill down into the information surrounding those apps and understand how people are using them. This second step involves understanding contextual usage of those apps, including user identity or group, as well as the device the user is on, browser, geo- location, and time; cloud app, app instance, or app category; specific app activities, e.g., “download,” “share,” or “edit;” content type and file or object name; DLP profile, if applicable; and where and with whom content is shared. 4 Drill down into user identity, e.g., user, group, device, browser, geo-location, and time 4 Understand the app, e.g., app, app instance, or app category 4 Ascertain cloud app activities, e.g., “download,” “upload,” “share,” “edit,” or administrative activities, as well as with whom content was shared, if applicable 4 See content details, e.g., content type, file or object name; and DLP profile, if applicable 4 Perform e-discovery of content existing at rest within an app, including against a DLP profile Analytics for Monitoring, Anomaly Detection, and Forensics Now that Acme IT knows what cloud apps are relevant to the organization’s compliance posture based on category and usage, they must be able to analyze that activity against policy, pivoting around any of the parameters described above. IT must also be able to use analytics to detect anomalies to identify risky behavior and potential data loss or breach. Depending on Acme’s business operations and regulations, compliance-oriented questions will bubble to the top. IT should be able to answer specific questions, including: ● “Who from my call center in Bulgaria is accessing my CRM system, and what specifically are they doing?” ● “Who from my Investor Relations group is sharing docs from our cloud storage app during the company’s ‘quiet period’?” ● “Has any non-HR manager downloaded salary data in any cloud app in the past three months?” ● “Is there any excessive downloading or sharing that could signal a data breach?” Beyond viewing app access and activity at a point-in-time, Acme wants the ability to do “continuous compliance,” or have ongoing and uninterrupted visibility of all activities that could impact compliance with the organization’s policies. IT should be able to turn any analytics query into a watch list or report, where any defined event or any deviation from a baseline will trigger an action.
WHITE PAPER 4 Taking the Acme use case beyond compliance, let’s say that in the course of performing analytics, IT uncovers suspicious activity. Analysts suspect that just days before leaving Acme Corp. for a competitor, an employee has exfiltrated data by downloading proprietary data from one of the company’s cloud apps and then uploading the file into a cloud storage app that he accessed with his personal login credentials. IT would like to be able to construct a forensic audit trail showing every cloud app action for that user leading up to and immediately following the incident. This would enable IT not only to uncover suspicious behavior, but also to prove a breach occurred and clearly demonstrate malicious or even criminal activity. In addition to security and compliance analysis, Acme Corp. would like to analyze cloud app usage from a performance and optimization standpoint, understanding things like uptime and latency across not just apps, but also across user locations, device types, and time periods. This information would help Acme IT hold its cloud app vendors to stated SLAs and make better decisions for traffic planning and app consolidation. 4 Run deep analytics on user behavior, pivoting around all of the above visibility parameters 4 View user behavior and activity against baselines to uncover anomalies 4 Analyze cloud app performance, e.g., uptime, latency, and SLA adherence 4 Perform forensic analysis on user activity leading up to an incident or breach Cloud Data Loss Prevention Beyond understanding cloud app activity and potential data loss, Acme IT needs to understand whether sensitive data are getting out of its control. It needs to take advantage of work that’s been done in the last decade in the security industry to bring similar data controls to the cloud. This includes incorporating industry-standard data identifiers into DLP rules, and combining those rules to create DLP profiles that can get incorporated into granular, precise policies. By wrapping potential data leakage scenarios with context, Acme can ensure fewer false positives and higher accuracy with its DLP policies. 4 Create relevant DLP profiles for your cloud apps, including personally-identifiable information, Payment Card Information, electronic Personal Health Information, and more 4 Base your DLP profiles on industry-standard data identifiers and rules and incorporate rich context (apps, users, time, location, and user activities) into your DLP policies 4 Discover content at rest already resident within your apps and take action such as change ownership, quarantine, or encrypt 4 Set DLP policies that take effect in not just one app, but across an entire category or globally, if you need them to 4 Ensure that your DLP policies can be enforced in real-time before a data breach occurs Secure Cloud Apps Through Real-time Policy Enforcement Once Acme IT analyzes the organization’s cloud usage against its policies and uncovers data risks, breaches, and potential inefficiencies, it can begin to take action. Let’s revisit our contention that using a scalpel, not a sledgehammer, to enforce your policies is the way to cloud confidence. Acme IT realizes this, and not only wants to confidently say “yes” to the apps that are already in use, but wants to move even more of its IT systems to the cloud. Acme wants to be able to set sophisticated, precise policies based on the same parameters it analyzes. For example, Acme wants to: ● Enable the use of collaboration apps, but prevent sharing of data with people outside of the company ● Disallow file uploads to cloud storage apps that contain highly sensitive data or intellectual property that, if ever leaked, stolen, or modified, could cause serious damage to the company ● Allow people in the HR and finance groups worldwide to access HR or finance/accounting apps, but block anyone outside of the U.S. from downloading salary information ● Encrypt sensitive content in context as it’s being uploaded or when it’s already resident within cloud apps 4 Enforce granular, specific policies on any of the visibility parameters or DLP profiles described above 4 Set policies once and have them enforced in real-time in any app, at the app- or category-level or globally 4 Enforce policies whether or not you manage, or even have administrative privileges, to the app 4 Enforce policies in real-time, before an undesired event or behavior happens 4 Coach users on policy violations to educate them about risky behaviors and to create transparency These five steps make up the framework for cloud confidence and the ability to take these five steps would mean that Acme IT can say “yes” overall to the cloud apps that Acme Corp. wants to use, while limiting certain risky or non-compliant behaviors within the apps: 1. Find the cloud apps running in your enterprise and understand their risk 2. Understand how those apps are being used 3. Use analytics to monitor usage, detect anomalies, and conduct forensics 4. Identify and prevent the loss of sensitive data 5. Enforce your security and compliance policies across any cloud app or app category in real-time
WHITE PAPER 5 SUMMARY CLOUD CONFIDENCE CHECKLIST THE NETSKOPE ACTIVE PLATFORMTM: REAL-TIME CONTROL OVER ANY CLOUD APP, WHETHER IT MANAGES IT OR NOT Netskope™ is the leader in safe cloud enablement. The Netskope Active Platform™ gives IT the ability to find, understand, and secure cloud apps. Only Netskope empowers organizations to direct usage, protect sensitive data, and ensure compliance in real-time, on any device, for any cloud app so the business can move fast, with confidence. THE NETSKOPE ACTIVE PLATFORM FIND UNDERSTAND SECURE FIND CLOUD APPS AND UNDERSTAND RISK Find all cloud apps, whether sanctioned or “shadow IT” Include cloud apps that are running on-premises, remote, or on PCs or mobile Evaluate and score apps on enterprise-readiness, as measured by security, auditability, and business continuity Evaluate those apps’ risk based on your organization’s usage of them Make risk-based decisions about whether to standardize on, and migrate users to, certain apps UNDERSTAND HOW CLOUD APPS ARE BEING USED Drill down into user identity, e.g., user, group, device, browser, geo-location, and time Understand the app, e.g., app, app instance, or app category Ascertain cloud app activities, e.g., “download,” “upload,” “share,” “edit,” or administrative activities, as well as with whom content was shared, if applicable See content details, e.g., content type, file or object name; and DLP profile, if applicable Perform e-discovery of content existing at rest within an app, including against a DLP profile ANALYTICS FOR MONITORING, ANOMALY DETECTION Run deep analytics on user behavior, pivoting around all of the above visibility parameters View user behavior and activity against baselines to uncover anomalies Analyze cloud app performance, e.g., uptime, latency, and SLA adherence Perform forensic analysis on user activity leading up to an incident or breach CLOUD DATA LOSS PREVENTION Create relevant DLP profiles for your cloud apps, including personally-identifiable information, Payment Card Information, electronic Personal Health Information, and more Base your DLP profiles on industry-standard data identifiers and rules and incorporate rich context (apps, users, time, location, and user activities) into your DLP policies Discover content in real-time as it is being uploaded, downloaded, and shared as well as content that has already been stored in the cloud app and take action such as quarantine, encrypt, change ownership, or change sharing permissions, Set DLP policies that take effect in not just one app, but across an entire category or globally, if you need them to Ensure that your DLP policies can be enforced in real-time before a data breach occurs SECURE CLOUD APPS THROUGH REAL- TIME POLICY ENFORCEMENT Enforce granular, specific policies on any of the visibility parameters or DLP profiles described above Set policies once and have them enforced in real-time in any app, at the app- or category-level or globally Enforce policies whether or not you manage, or even have administrative privileges, to the app Enforce policies in real-time, before an undesired event or behavior happens Coach users on policy violations to educate them about risky behaviors and to create transparency
WHITE PAPER 6 FIND ALL CLOUD APPS, WHETHER SANCTIONED OR SHADOW IT To find all of the cloud apps running in your organization, Netskope relies on a combination of its Cloud Confidence Index™ (CCI), a repository of thousands of enterprise cloud apps, and algorithm-based traffic analysis that discovers unknown apps. This gives you confidence in knowing what apps your organization is dealing with and lays the groundwork for further analysis and policy-setting. Beyond finding apps, Netskope informs you of the enterprise-readiness score of each app based in its security, auditability, and business continuity, as well as combines that score with your specific usage to come up with a risk score specific to your environment. THE NETSKOPE ACTIVE PLATFORM IDENTIFIES THE CLOUD APPS RUNNING AT ACME CORP. THE NETSKOPE ACTIVE PLATFORM INFORMS ACME OF ITS RISKY APPS
WHITE PAPER 7 SEE APPS AND USAGE IN CONTEXT WITH NETSKOPE ACTIVE VISIBILITY Netskope Active Visibility provides not just information about apps and users, but complete visibility into how the apps are used within your organization. You can quickly drill down to view the apps or app instances that are being accessed, by whom, the number and duration of each app session, where people are when they access the apps, what devices and browsers they are using, what app services they are consuming, what discrete actions they are taking (log in, modify data, download content, upload content, share content, administrative actions like escalation of privileges, etc.), what content type and file or object name they are dealing with, whether it is deemed sensitive given your DLP profiles, and where and with whom it is being shared. Moreover, we normalize those activities, so you can get one consistent view across app behaviors, and can use that single truth to enforce one simple policy uniformly across all relevant apps instead of having to set policies app by app. For instance, “share” and “send,” “download” and “save,” and “edit” and “change” can each mean the same thing across different apps. Imagine that for the more than 150 different cloud storage apps in the market, of which a dozen or more could be in use your organization, you’d have to take a swivel chair approach and analyze app after app. And that’s just for cloud storage. Netskope normalizes all of these user activities across more than 50 categories of apps so you do not have to understand each app and map its activities to understand what’s going on. THE NETSKOPE ACTIVE PLATFORM LETS USERS DRILL DOWN INTO EACH ACTION OCCURRING IN A SESSION THE NETSKOPE ACTIVE PLATFORM SHOWS CLOUD APP USER ACCESS AND TRAFFIC PATTERNS AT ACME CORP.
WHITE PAPER 8 PERFORM DEEP ANALYTICS WITH NETSKOPE ACTIVE ANALYTICS Netskope Active Analytics lets you pivot around any of the above parameters and answer any business or security question, understanding the who, what, when, and where, and with whom of any user’s or administrator’s activity within a cloud app, users’ activity overall, or activity compared to a baseline. With Netskope, you can perform granular queries, be alerted to granular behavioral anomalies, do forensic analysis after a security incident or breach, and set watch lists that will alert you on any activity. You can also run analytics on app performance, slicing by any of the visibility parameters above. DETECT ANOMALIES IN CONTEXT WITH NETSKOPE ACTIVE ANALYTICS PREVENT LOSS OF SENSITIVE DATA WITH NETSKOPE ACTIVE CLOUD DLP Netskope Active Cloud DLP is unique in preventing loss of sensitive data in the cloud in a way that is context and activity aware, works in real-time, and can be applied across any app, not app-by-app. With Netskope, you can incorporate cloud app and usage details such as the app, its category, its enterprise-readiness score per the Netskope CCI, the user or group, location of the user or app, time of day, device, browser, and user activity (e.g., “upload,” “download,” or “view”) into your policies, which helps you be precise in identifying potential data loss scenarios so you can protect data in a targeted way. This helps you increase the accuracy of sensitive data detection and protection. You can also perform introspection within certain apps to e-discover content at rest that matches a certain DLP profile, and then take action on that content such as change ownership, quarantine, or encrypt. Netskope Active Cloud DLP uses industry-standard content inspection incorporating more than 3,000 language- independent data identifiers across hundreds of categories and more than 400 file types. These come together to form DLP rules, which comprise DLP profiles. From those profiles, you can set precise, contextual policies in the Netskope Active Platform. Netskope Active Cloud DLP comes with pre-built DLP profiles or lets you easily and quickly configure custom ones. This translates to confidence that you are using proven, industry-standard DLP building blocks in your policies and protecting data in context, leading to accuracy and effectiveness.
WHITE PAPER 9 NETSKOPE ACTIVE CLOUD DLP PROFILES ENFORCE GRANULAR POLICIES IN REAL TIME ACROSS ANY APP WITH NETSKOPE ACTIVE POLICIES Once you discover and analyze your cloud apps and their usage in the context of your business policies, Netskope Active Policies let you set and enforce granular policies that will take effect across whatever cloud apps you specify (one app, one app instance, a category of apps, or all of the cloud apps in your environment) in a few clicks. In fact, as you’re analyzing cloud app usage by clicking and drilling into the visibility parameters described above, The Netskope Active Platform is building breadcrumbs that you can turn into a policy in Netskope Active Policies at any time. Beyond incorporating contextual details such as device and location into your policy, you can incorporate apps’ CCI scores and DLP profiles into your policy-setting to narrow the contextual aperture in order to be targeted and accurate, minimizing false positives and false negatives. Finally, Netskope offers a variety of actions that you can specify as an outcome of policy non-compliance. You can block, alert, bypass, encrypt, coach users, or kick off a workflow to remediate, record, or report on the out-of- compliance event or activity. Some examples of how granular a policy can be include: ● Allow users in Sales to share any public collateral while preventing them from downloading content deemed “confidential” from a cloud storage app ● Alert IT if any user in Investor Relations shares content from a finance/accounting app with someone outside of the company ● Block any user located outside of the U.S. from downloading contacts from any CRM app ● Only allow data uploads to apps that have a CCI score of ‘Medium’ or above, and block uploads to the rest NETSKOPE ACTIVE POLICIES LET ADMINS ENFORCE CONTEXTUAL, GRANULAR POLICIES
WHITE PAPER 10 NETSKOPE ACTIVE POLICIES LET YOU COACH USERS WITH CUSTOMIZED MESSAGING HOW THE NETSKOPE ACTIVE PLATFORM WORKS When we built the Netskope Active Platform, we envisioned giving you deep views and tons of flexibility to answer any business or security question about your organization’s cloud apps, as well as the power to enforce your policies in real time. In order to achieve this, we knew we needed to inspect cloud app traffic but also take a fundamentally different approach to looking at data and taking action. Being in the data plane carries with it a high level of responsibility, so we pulled together a group of proven veteran architects and engineers, including some of the original or founding architects from companies like NetScreen, Palo Alto Networks, Juniper, Cisco and McAfee, who have solved similar challenges in the past. We first started by looking at the application layer traffic, and, rather than deeply inspecting network packets, we developed a method for deeply inspecting cloud app transactions in real time and all calls to them, whether they were made within the confines of the corporate network or outside, from a laptop or mobile device, or from a browser or native app. We call this Deep API Inspection, or DAPII. Unlike existing pattern recognition methods that, for example, inspect “GET” and “POST” traffic in web sessions to find malicious or inappropriate websites, DAPII relies on information available from API transactions as they are actually occurring. We built connectors, or standardized integrations, for cloud apps that we use to interpret the “conversation” between browsers and apps. Connectors convey those conversations in JSON files, which contain a structure and format that allow Netskope to both understand what actions a user is performing in the app as it is happening, but also normalize those activities across all of the apps Netskope is dealing with. So, as in the prior example, if someone “shares” content in one app and “sends” it in another, Netskope will know and report on the fact that they are the same action. In short, Netskope enables you to see what is truly going on inside of an app without having to break apart or understand that app. For example, without Netskope, you may be able to see that a user went to a URL and during that session, and 973 upstream bytes were sent or retrieved, whereas Netskope gives you a much more detailed, context-aware and intelligent description of what happened: “Joe from Investment Banking, currently in Japan, shared his M&A directory with an investor at a hedge fund at 10 PM—something he has never done before.” It’s worth taking a moment to explain how we make sure that we gain visibility and enforce policy dynamically on your enterprise’s cloud app transactions and traffic. We enable and have production deployments on a host of non-mutually exclusive, in-line and out-of-band deployment options. Each with these methods has a different level of theoretical coverage, visibility, and enforcement, from the most basic to the most advanced and real-time, so it’s important to choose the right one(s) to facilitate your use cases. The options include: Out-of-band: ● Log-based. You can upload logs from your perimeter networking equipment such as your web gateway or next- generation firewall to Netskope offline. ● Introspection via API connectors. We connect to your sanctioned app using the OAuth authorization standard to give you control of content already residing in the app. Note that this only applies to apps that IT sanctions and administers.
WHITE PAPER 11 In-line: ● Agentless. We steer your users’ on-premises cloud network traffic to the closest one of four Netskope SOC-1/SOC-2, SSAE- 16 Type 2-certified data centers around the world, which sits between your network and your cloud apps and is transparent to your users. ● Thin agent or mobile profile. We steer your users’ remote cloud network traffic to Netskope via an agent or, if a mobile device, a mobile profile ● Reverse proxy. We redirect traffic to a modified URL of your sanctioned cloud apps. Note that this only applies to apps that IT sanctions and administers. In the first out-of-band method, log analysis provides you information about what apps you have, and the Netskope Active Platform categorizes them, gives you a view of their enterprise-readiness, and gives you a risk view based on a combina- tion of those apps’ enterprise-readiness. Though useful, it’s only a small fraction of what you’d be able to see and doesn’t include the real-time policy enforcement that you’d get with the other implementations. In the second out-of-band method, app introspection gives you a deep view within specific apps that you administer. It en- ables you to e-discover and inventory both content and users of that content. It then lets you take action on that content, including re-assign ownership, set sharing permissions, quarantine files, and apply encryption of data-at-rest. The in-line methods inspect enterprise cloud app traffic to give you deep visibility, the ability to perform analytics in real-time, and dynamic policy enforcement for your enterprise cloud apps. Each level has its own level of coverage based on theoretical limitations of the method. The agentless method provides you a “touchless” way to get on-premises cloud app network traffic from the user’s PC or mobile device to the Netskope cloud for analysis. Because it sits at your network’s egress point, it is limited to on-premises network traffic. The thin agent gives you the same visibility, analytics, and enforce- ment as in the agentless, but also coverage of any device that’s outside of the four walls of your organization. And finally, the reverse proxy method gives you a “touchless” way to get cloud app visibility and control, however, it is limited only to apps you administer. NETSKOPE TOPOLOGICAL LAYOUT INTERNET DEPLOYMENT OPTIONS PUBLIC CLOUD APPS ANALYTICS & REAL-TIME POLICY ENGINE NETSKOPE ADMIN CONSOLE NETSKOPE APIs PRIVATE/HYBRID CLOUD (Thousands) REVERSE PROXY INTROSPECTION How does Netskope handle policy enforcement in the in-line deployments? When your cloud app network traffic reaches the Netskope data plane in one of our data centers, the encrypted traffic will terminate at our instance, we will interpret user activity within the apps using DAPII, and then we will disallow or take an if-then action (for, say, an alert or workflow) on whatever function from that API on which you have created a policy. As you start to enforce policies across not just one or two, but dozens of apps, Netskope becomes even more valuable. When you set a policy, you expect to be able to enforce it in one app, across a category of apps, or universally across all of your cloud apps. Because Netskope does the heavily lifting to identify and normalize behaviors in all cloud apps, when you set a policy once you know that it will be carried out across all of the apps you want it to. So, when you set a granular policy such as “Let people in my call center use CRM, but don’t let them download customer contacts onto a mobile device if they’re outside of my country,” or set policies about what apps you will and won’t allow based on their CCI score, you know that those policies will be enforced immediately before an undesired act occurs… and that you can do it at network speed and enterprise scale.
WHITE PAPER 12 ABOUT NETSKOPE Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. ABOUT EVERYCLOUD EveryCloud is a UK-based cyber security specialist that helps organisations in any sector to drive the most value from their cloud services and remain Cloud Confident in a constantly changing threat landscape. Focused on Internet and Cloud App infrastructure access, Cloud Application Security, Data Loss Prevention (DLP), Compliance, and Identity Access/Single Sign On solutions, EveryCloud works with the world’s leading cloud access security brokers including Netskope™. EveryCloud’s award-winning founders pioneered unified communications and cloud telephony in the UK, building a business that became a member of the Fast Tech Trek 100 and one of the UK’s fastest growing telecoms providers. ®

More Related Content

PPTX
Getting secure in a mobile-first world with EMS
Softchoice Corporation
 
PDF
Symantec Mobility Suite -Workforce apps
Symantec
 
PPTX
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Netskope
 
PPTX
Data Breach: The Cloud Multiplier Effect
Netskope
 
PPTX
Packt publishing book proposal api and mobile access management
Gluu
 
PPTX
Cloud Security for Dummies Webinar — The Identity Edition
Netskope
 
PDF
Virtual Space Race: How IT with The Right Stuff Creates a Competitive Advantage
Softchoice Corporation
 
PPTX
Netskope — Shadow IT Is A Good Thing
Netskope
 
Getting secure in a mobile-first world with EMS
Softchoice Corporation
 
Symantec Mobility Suite -Workforce apps
Symantec
 
Forrester Research: Securing the Cloud When Users are Left to Their Own Devices
Netskope
 
Data Breach: The Cloud Multiplier Effect
Netskope
 
Packt publishing book proposal api and mobile access management
Gluu
 
Cloud Security for Dummies Webinar — The Identity Edition
Netskope
 
Virtual Space Race: How IT with The Right Stuff Creates a Competitive Advantage
Softchoice Corporation
 
Netskope — Shadow IT Is A Good Thing
Netskope
 

What's hot (20)

PPTX
LinkedIn - Creating a Cloud Security Policy
Chris Niggel
 
PPTX
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
Netskope
 
PDF
Adallom_Cloud_Risk_Report-Nov14
Isaac BOCCARA
 
PPTX
Protecting your Data in Google Apps
Elastica Inc.
 
PDF
Spe security and privacy enhancement framework for mobile devices
LeMeniz Infotech
 
PDF
Cloud service providers in pune
Anshita Dixit
 
PPTX
Top Risks of Enterprise Mobility
Symantec
 
PPTX
Ciso Platform Webcast: Shadow Data Exposed
Elastica Inc.
 
PPTX
Enabling Dropbox for Business
Elastica Inc.
 
PPTX
Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World
OneLogin
 
PDF
Unified application security analyser
Tim Youm
 
PPTX
Cloud App Security
Alvaro Rezende
 
PPTX
Making Cloud Security Part of Your DNA Webinar Slides
Netskope
 
PPTX
How to Extend Security and Compliance Within Box
Elastica Inc.
 
PDF
Should we fear the cloud?
Gabe Akisanmi
 
PDF
application-security-fallacies-and-realities-veracode
sciccone
 
PPTX
Driving the successful adoption of Microsoft Office 365
Forcepoint LLC
 
PDF
The 15 best cloud security practices
Cloudride LTD
 
PDF
Actionable insights
Tim Youm
 
PDF
Microsoft Cloud App Security CASB
Ammar Hasayen
 
LinkedIn - Creating a Cloud Security Policy
Chris Niggel
 
The Razor's Edge: Enabling Cloud While Mitigating the Risk of a Cloud Data Br...
Netskope
 
Adallom_Cloud_Risk_Report-Nov14
Isaac BOCCARA
 
Protecting your Data in Google Apps
Elastica Inc.
 
Spe security and privacy enhancement framework for mobile devices
LeMeniz Infotech
 
Cloud service providers in pune
Anshita Dixit
 
Top Risks of Enterprise Mobility
Symantec
 
Ciso Platform Webcast: Shadow Data Exposed
Elastica Inc.
 
Enabling Dropbox for Business
Elastica Inc.
 
Crossing the Chasm from On-prem to Cloud: Managing Identities in a Hybrid World
OneLogin
 
Unified application security analyser
Tim Youm
 
Cloud App Security
Alvaro Rezende
 
Making Cloud Security Part of Your DNA Webinar Slides
Netskope
 
How to Extend Security and Compliance Within Box
Elastica Inc.
 
Should we fear the cloud?
Gabe Akisanmi
 
application-security-fallacies-and-realities-veracode
sciccone
 
Driving the successful adoption of Microsoft Office 365
Forcepoint LLC
 
The 15 best cloud security practices
Cloudride LTD
 
Actionable insights
Tim Youm
 
Microsoft Cloud App Security CASB
Ammar Hasayen
 
Ad

Viewers also liked (19)

PDF
Company website presentation October 2016
AnteroResources
 
PDF
789 русский яз. 5кл. тетр. оценки кач. знаний львов-2014 -64с
dfdkfjs
 
PDF
558 1 математика. 9кл.-латотин, чеботаревский_минск, 2014 -397с
dfdkfjs
 
PDF
762 русский язык. 8кл. раб. тетрадь к разумовской кулаева-2015 -128с
dfdkfjs
 
PPTX
Data cycle health
jyotikhadake
 
PDF
658 русский язык. 9кл. кимы. никулина м.ю.-2014 -96с
dfdkfjs
 
PDF
Cebu Bayside語学学校規定など。フィリピン留学ナビ
WEB制作仲間
 
PDF
Obility Print Shops, Print Management, Print Automation & Print Integration
Obility GmbH
 
PPTX
Modelización matemática
Universidad de Costa Rica
 
PDF
Módulo i concebir la idea de investigación
Carlos Vasquez
 
PDF
Reglamento catastro.pdf
fergussen Rojas
 
PDF
The University of Vermont application form
Abhishek Bajaj
 
PDF
Harramientas tecnológicas para la educación
Universidad de Costa Rica
 
PDF
CV-Europass-20161020-Cosey-EN
Brian Cosey
 
PDF
Programa de rastreo espia para celular
espiarmoviles
 
PDF
496 компл. анализ текста. раб. тетр. 8кл. никулина м.ю-2013 -96с
dfdkfjs
 
PPTX
EPID
eddynoy velasquez
 
PPTX
Socialmedia101
Ian Royer
 
PDF
Guía didáctica
Carlos Vasquez
 
Company website presentation October 2016
AnteroResources
 
789 русский яз. 5кл. тетр. оценки кач. знаний львов-2014 -64с
dfdkfjs
 
558 1 математика. 9кл.-латотин, чеботаревский_минск, 2014 -397с
dfdkfjs
 
762 русский язык. 8кл. раб. тетрадь к разумовской кулаева-2015 -128с
dfdkfjs
 
Data cycle health
jyotikhadake
 
658 русский язык. 9кл. кимы. никулина м.ю.-2014 -96с
dfdkfjs
 
Cebu Bayside語学学校規定など。フィリピン留学ナビ
WEB制作仲間
 
Obility Print Shops, Print Management, Print Automation & Print Integration
Obility GmbH
 
Modelización matemática
Universidad de Costa Rica
 
Módulo i concebir la idea de investigación
Carlos Vasquez
 
Reglamento catastro.pdf
fergussen Rojas
 
The University of Vermont application form
Abhishek Bajaj
 
Harramientas tecnológicas para la educación
Universidad de Costa Rica
 
CV-Europass-20161020-Cosey-EN
Brian Cosey
 
Programa de rastreo espia para celular
espiarmoviles
 
496 компл. анализ текста. раб. тетр. 8кл. никулина м.ю-2013 -96с
dfdkfjs
 
EPID
eddynoy velasquez
 
Socialmedia101
Ian Royer
 
Guía didáctica
Carlos Vasquez
 
Ad

Similar to EveryCloud 5-steps-cloud-confidence (20)

PDF
10 alternatives to heavy handed cloud app control
Aneel Mitra
 
PDF
Allow is the New Block
Sean Dickson
 
PDF
Fy17 sec shadow_it-e_book_final_032417
Основна школа "Миливоје Боровић" Мачкат
 
PDF
Netskope Info
Sean Dickson
 
PDF
5 must haves - cloud confidence
Sean Dickson
 
PDF
Netskope Overview
Netskope
 
PDF
Careless Users In the Cloud (And What IT Can Do About It)
Softchoice Corporation
 
DOCX
Sample Discussion 1Security is one of the most important fun.docx
jeffsrosalyn
 
DOCX
Sample Discussion 1Security is one of the most important fun.docx
rtodd599
 
PDF
SecurityWhitepaper 7-1-2015
Francisco Anes
 
PDF
eBook: 5 Steps to Secure Cloud Data Governance
Kim Cook
 
PDF
Learn How to Maximize Your ServiceNow Investment
Stave
 
PDF
Securing mobile apps in a BYOD world
SAP Solution Extensions
 
PDF
Top Benefits of Self-Hosted Project Management Software in 2025
Orangescrum
 
PDF
Selecting an App Security Testing Partner: An eGuide
HCLSoftware
 
PDF
Procuring an Application Security Testing Partner
HCLSoftware
 
PDF
The advantages of Cloud Application Control
Web Werks Data Centers
 
DOCX
IT 8003 Cloud ComputingGroup Activity 1 SuperTAX Soft.docx
vrickens
 
PDF
User access profiling model
Jose Guerrero
 
PDF
Cloud Application Security --Symantec
Abhishek Sood
 
10 alternatives to heavy handed cloud app control
Aneel Mitra
 
Allow is the New Block
Sean Dickson
 
Fy17 sec shadow_it-e_book_final_032417
Основна школа "Миливоје Боровић" Мачкат
 
Netskope Info
Sean Dickson
 
5 must haves - cloud confidence
Sean Dickson
 
Netskope Overview
Netskope
 
Careless Users In the Cloud (And What IT Can Do About It)
Softchoice Corporation
 
Sample Discussion 1Security is one of the most important fun.docx
jeffsrosalyn
 
Sample Discussion 1Security is one of the most important fun.docx
rtodd599
 
SecurityWhitepaper 7-1-2015
Francisco Anes
 
eBook: 5 Steps to Secure Cloud Data Governance
Kim Cook
 
Learn How to Maximize Your ServiceNow Investment
Stave
 
Securing mobile apps in a BYOD world
SAP Solution Extensions
 
Top Benefits of Self-Hosted Project Management Software in 2025
Orangescrum
 
Selecting an App Security Testing Partner: An eGuide
HCLSoftware
 
Procuring an Application Security Testing Partner
HCLSoftware
 
The advantages of Cloud Application Control
Web Werks Data Centers
 
IT 8003 Cloud ComputingGroup Activity 1 SuperTAX Soft.docx
vrickens
 
User access profiling model
Jose Guerrero
 
Cloud Application Security --Symantec
Abhishek Sood
 

EveryCloud 5-steps-cloud-confidence

  • 1. THE 5 STEPS TO CLOUD CONFIDENCE ®
  • 2. WHITE PAPER 2 CLOUD APPS LET PEOPLE GO FAST Organizations are adopting cloud apps in a big way. Today accounting for 23 percent of IT spend, cloud computing has accelerated because it allows people to get their jobs done more quickly, easily, and flexibly than traditional computing tools. Cloud apps—the most visible and adopted segment of cloud computing—have proliferated in enterprises and have now reached a tipping point. Forrester predicts the SaaS market to total $93 billion in 2016. Netskope™ counts thousands of cloud apps being used in enterprises today. Cloud apps are increasingly common in nearly every kind of enterprise. Sometimes this is because they are cheaper to buy and operate. Other times it’s because people want to be nimble, deploying an app faster and taking advantage of the latest product features sooner than they would with on-premises software. And other times it’s because people don’t want to coordinate across the many gatekeepers—operations, hardware, networking, and security—required to make a software roll-out successful. Cloud apps have reached a level of maturity and feature richness that they are now mainstream. In fact, they are reaching a tipping point in organizations. IDC expects nearly a third of companies to source greater than half of their IT spend from the public cloud in 2016. AN OPPORTUNITY FOR IT AND THE BUSINESS While IT has ownership or responsibility for some cloud apps, people are now more than ever empowered to go outside of IT and deploy their own apps. This means they are procuring, paying for, managing, and using these apps without IT’s involvement. This is a good thing for the business because it lets users get their jobs done more efficiently. But it also means that there is no way for IT to consistently manage and secure all of the cloud apps running across the organization, whether “shadow IT” or sanctioned, or to enforce security or compliance controls. Beyond “shadow IT,” IT is often responsible for some portion of cloud app enablement. In some cases, deployment of a cloud app is a net-new project for the organization. In others, it’s a migration from a traditional application. Whether shadow or sanctioned, cloud app usage is growing and C-suites, boards of directors, and audit committees around the world are beginning to ask whether the cloud technologies in their environment are safe, compliant with business policies, perform according to vendor service-level agreements, are cost-effective, and are optimized for business usage. When IT can confidently answer these questions and assuage these concerns, it can sanction cloud apps and deliver them optimally. IT can shine a light on “shadow IT”, educate and inform cloud app stakeholders of the risks and opportunities, and safely bring cloud apps on board. The time is now for you to get complete visibility into the cloud apps in your organization. Then, together with your security and line-of-business counterparts, you can make decisions and institute granular policies to make those apps safe, compliant, and high performance. SLEDGEHAMMER VS. SCALPEL When confronted with an unknown technology, sometimes organizations are inclined to shut it down. That’s because many of the tools IT has used to detect and remediate rogue technology are binary, so they allow you to say only “yes” or “no.” But what if you could take a more nuanced approach? Instead of taking a sledgehammer to the apps people want to use, what if you could say “yes” to nearly all of their favorite apps, and then, like a surgeon, slice out certain activities to make the usage of those apps acceptable to your organization from a security and compliance standpoint? This approach would put you in the position of partnering with and enabling the business rather than saying “no” in a wholesale way. And for the cloud apps that you have been championing but have had to slow roll because of security and compliance concerns, this approach will let you adopt them quickly. Taking a scalpel instead of a sledgehammer to the problem will pave the way to cloud confidence. The 5 Steps to Cloud Confidence
  • 3. WHITE PAPER 3 FIVE STEPS TO CLOUD CONFIDENCE What steps must you take to gain cloud confidence? We’ve identified the following five: 1. Find the cloud apps running in your enterprise and understand their risk; 2. Understand how those apps are being used, 3. Use analytics to monitor usage, detect anomalies, and conduct forensics, 4. Identify and prevent the loss of sensitive data, and 5. Enforce your security and compliance policies across any cloud app or app category in real-time. We’ll walk through each of the five steps and provide a short checklist within each step. Let’s set the stage with a use case. Acme’s IT department has not been able to sanction the usage of, or help deploy, cloud apps for its business because it can’t see the apps people are using and what they’re doing in them. As managers of a public company, Acme’s executives must be able to attest, for compliance purposes, that only authorized personnel had contact with key systems and data, and any use or modifications were proper and accurate. With an increasing number of cloud apps coming onto the scene at Acme that contain an increasing amount of critical company data, management is concerned that it can no longer attest to the accuracy of these statements. Find All Cloud Apps and Understand Risk In order to lay the groundwork for cloud confidence, Acme IT must take the first step: find all of the cloud apps that are running in the organization. This includes both apps that are sanctioned by Acme’s IT department and any that are unknown. To get a complete picture, IT should find not only those apps accessed from desktops and laptops within the four walls of the workplace, but also from remote laptops and mobile devices, regardless of whether the apps are browser-based or native, such as a sync client. Once those apps are found, IT should evaluate each of the apps against a set of objective criteria in the areas of security, auditability, and business continuity as well as the app’s risk given its organization’s use of that app. 4 Find all cloud apps, whether sanctioned or “shadow IT” 4 Include cloud apps that are running on-premises, remote, or on PCs or mobile devices 4 Score apps on enterprise-readiness, as measured by security, auditability, and business continuity 4 Evaluate those apps’ risk based on your organization’s usage of them 4 Make risk-based decisions about whether to standardize on, and migrate users to, certain apps Understand Cloud App Context and Usage After finding all of the cloud apps that are running in the organization, Acme IT should be able to drill down into the information surrounding those apps and understand how people are using them. This second step involves understanding contextual usage of those apps, including user identity or group, as well as the device the user is on, browser, geo- location, and time; cloud app, app instance, or app category; specific app activities, e.g., “download,” “share,” or “edit;” content type and file or object name; DLP profile, if applicable; and where and with whom content is shared. 4 Drill down into user identity, e.g., user, group, device, browser, geo-location, and time 4 Understand the app, e.g., app, app instance, or app category 4 Ascertain cloud app activities, e.g., “download,” “upload,” “share,” “edit,” or administrative activities, as well as with whom content was shared, if applicable 4 See content details, e.g., content type, file or object name; and DLP profile, if applicable 4 Perform e-discovery of content existing at rest within an app, including against a DLP profile Analytics for Monitoring, Anomaly Detection, and Forensics Now that Acme IT knows what cloud apps are relevant to the organization’s compliance posture based on category and usage, they must be able to analyze that activity against policy, pivoting around any of the parameters described above. IT must also be able to use analytics to detect anomalies to identify risky behavior and potential data loss or breach. Depending on Acme’s business operations and regulations, compliance-oriented questions will bubble to the top. IT should be able to answer specific questions, including: ● “Who from my call center in Bulgaria is accessing my CRM system, and what specifically are they doing?” ● “Who from my Investor Relations group is sharing docs from our cloud storage app during the company’s ‘quiet period’?” ● “Has any non-HR manager downloaded salary data in any cloud app in the past three months?” ● “Is there any excessive downloading or sharing that could signal a data breach?” Beyond viewing app access and activity at a point-in-time, Acme wants the ability to do “continuous compliance,” or have ongoing and uninterrupted visibility of all activities that could impact compliance with the organization’s policies. IT should be able to turn any analytics query into a watch list or report, where any defined event or any deviation from a baseline will trigger an action.
  • 4. WHITE PAPER 4 Taking the Acme use case beyond compliance, let’s say that in the course of performing analytics, IT uncovers suspicious activity. Analysts suspect that just days before leaving Acme Corp. for a competitor, an employee has exfiltrated data by downloading proprietary data from one of the company’s cloud apps and then uploading the file into a cloud storage app that he accessed with his personal login credentials. IT would like to be able to construct a forensic audit trail showing every cloud app action for that user leading up to and immediately following the incident. This would enable IT not only to uncover suspicious behavior, but also to prove a breach occurred and clearly demonstrate malicious or even criminal activity. In addition to security and compliance analysis, Acme Corp. would like to analyze cloud app usage from a performance and optimization standpoint, understanding things like uptime and latency across not just apps, but also across user locations, device types, and time periods. This information would help Acme IT hold its cloud app vendors to stated SLAs and make better decisions for traffic planning and app consolidation. 4 Run deep analytics on user behavior, pivoting around all of the above visibility parameters 4 View user behavior and activity against baselines to uncover anomalies 4 Analyze cloud app performance, e.g., uptime, latency, and SLA adherence 4 Perform forensic analysis on user activity leading up to an incident or breach Cloud Data Loss Prevention Beyond understanding cloud app activity and potential data loss, Acme IT needs to understand whether sensitive data are getting out of its control. It needs to take advantage of work that’s been done in the last decade in the security industry to bring similar data controls to the cloud. This includes incorporating industry-standard data identifiers into DLP rules, and combining those rules to create DLP profiles that can get incorporated into granular, precise policies. By wrapping potential data leakage scenarios with context, Acme can ensure fewer false positives and higher accuracy with its DLP policies. 4 Create relevant DLP profiles for your cloud apps, including personally-identifiable information, Payment Card Information, electronic Personal Health Information, and more 4 Base your DLP profiles on industry-standard data identifiers and rules and incorporate rich context (apps, users, time, location, and user activities) into your DLP policies 4 Discover content at rest already resident within your apps and take action such as change ownership, quarantine, or encrypt 4 Set DLP policies that take effect in not just one app, but across an entire category or globally, if you need them to 4 Ensure that your DLP policies can be enforced in real-time before a data breach occurs Secure Cloud Apps Through Real-time Policy Enforcement Once Acme IT analyzes the organization’s cloud usage against its policies and uncovers data risks, breaches, and potential inefficiencies, it can begin to take action. Let’s revisit our contention that using a scalpel, not a sledgehammer, to enforce your policies is the way to cloud confidence. Acme IT realizes this, and not only wants to confidently say “yes” to the apps that are already in use, but wants to move even more of its IT systems to the cloud. Acme wants to be able to set sophisticated, precise policies based on the same parameters it analyzes. For example, Acme wants to: ● Enable the use of collaboration apps, but prevent sharing of data with people outside of the company ● Disallow file uploads to cloud storage apps that contain highly sensitive data or intellectual property that, if ever leaked, stolen, or modified, could cause serious damage to the company ● Allow people in the HR and finance groups worldwide to access HR or finance/accounting apps, but block anyone outside of the U.S. from downloading salary information ● Encrypt sensitive content in context as it’s being uploaded or when it’s already resident within cloud apps 4 Enforce granular, specific policies on any of the visibility parameters or DLP profiles described above 4 Set policies once and have them enforced in real-time in any app, at the app- or category-level or globally 4 Enforce policies whether or not you manage, or even have administrative privileges, to the app 4 Enforce policies in real-time, before an undesired event or behavior happens 4 Coach users on policy violations to educate them about risky behaviors and to create transparency These five steps make up the framework for cloud confidence and the ability to take these five steps would mean that Acme IT can say “yes” overall to the cloud apps that Acme Corp. wants to use, while limiting certain risky or non-compliant behaviors within the apps: 1. Find the cloud apps running in your enterprise and understand their risk 2. Understand how those apps are being used 3. Use analytics to monitor usage, detect anomalies, and conduct forensics 4. Identify and prevent the loss of sensitive data 5. Enforce your security and compliance policies across any cloud app or app category in real-time
  • 5. WHITE PAPER 5 SUMMARY CLOUD CONFIDENCE CHECKLIST THE NETSKOPE ACTIVE PLATFORMTM: REAL-TIME CONTROL OVER ANY CLOUD APP, WHETHER IT MANAGES IT OR NOT Netskope™ is the leader in safe cloud enablement. The Netskope Active Platform™ gives IT the ability to find, understand, and secure cloud apps. Only Netskope empowers organizations to direct usage, protect sensitive data, and ensure compliance in real-time, on any device, for any cloud app so the business can move fast, with confidence. THE NETSKOPE ACTIVE PLATFORM FIND UNDERSTAND SECURE FIND CLOUD APPS AND UNDERSTAND RISK Find all cloud apps, whether sanctioned or “shadow IT” Include cloud apps that are running on-premises, remote, or on PCs or mobile Evaluate and score apps on enterprise-readiness, as measured by security, auditability, and business continuity Evaluate those apps’ risk based on your organization’s usage of them Make risk-based decisions about whether to standardize on, and migrate users to, certain apps UNDERSTAND HOW CLOUD APPS ARE BEING USED Drill down into user identity, e.g., user, group, device, browser, geo-location, and time Understand the app, e.g., app, app instance, or app category Ascertain cloud app activities, e.g., “download,” “upload,” “share,” “edit,” or administrative activities, as well as with whom content was shared, if applicable See content details, e.g., content type, file or object name; and DLP profile, if applicable Perform e-discovery of content existing at rest within an app, including against a DLP profile ANALYTICS FOR MONITORING, ANOMALY DETECTION Run deep analytics on user behavior, pivoting around all of the above visibility parameters View user behavior and activity against baselines to uncover anomalies Analyze cloud app performance, e.g., uptime, latency, and SLA adherence Perform forensic analysis on user activity leading up to an incident or breach CLOUD DATA LOSS PREVENTION Create relevant DLP profiles for your cloud apps, including personally-identifiable information, Payment Card Information, electronic Personal Health Information, and more Base your DLP profiles on industry-standard data identifiers and rules and incorporate rich context (apps, users, time, location, and user activities) into your DLP policies Discover content in real-time as it is being uploaded, downloaded, and shared as well as content that has already been stored in the cloud app and take action such as quarantine, encrypt, change ownership, or change sharing permissions, Set DLP policies that take effect in not just one app, but across an entire category or globally, if you need them to Ensure that your DLP policies can be enforced in real-time before a data breach occurs SECURE CLOUD APPS THROUGH REAL- TIME POLICY ENFORCEMENT Enforce granular, specific policies on any of the visibility parameters or DLP profiles described above Set policies once and have them enforced in real-time in any app, at the app- or category-level or globally Enforce policies whether or not you manage, or even have administrative privileges, to the app Enforce policies in real-time, before an undesired event or behavior happens Coach users on policy violations to educate them about risky behaviors and to create transparency
  • 6. WHITE PAPER 6 FIND ALL CLOUD APPS, WHETHER SANCTIONED OR SHADOW IT To find all of the cloud apps running in your organization, Netskope relies on a combination of its Cloud Confidence Index™ (CCI), a repository of thousands of enterprise cloud apps, and algorithm-based traffic analysis that discovers unknown apps. This gives you confidence in knowing what apps your organization is dealing with and lays the groundwork for further analysis and policy-setting. Beyond finding apps, Netskope informs you of the enterprise-readiness score of each app based in its security, auditability, and business continuity, as well as combines that score with your specific usage to come up with a risk score specific to your environment. THE NETSKOPE ACTIVE PLATFORM IDENTIFIES THE CLOUD APPS RUNNING AT ACME CORP. THE NETSKOPE ACTIVE PLATFORM INFORMS ACME OF ITS RISKY APPS
  • 7. WHITE PAPER 7 SEE APPS AND USAGE IN CONTEXT WITH NETSKOPE ACTIVE VISIBILITY Netskope Active Visibility provides not just information about apps and users, but complete visibility into how the apps are used within your organization. You can quickly drill down to view the apps or app instances that are being accessed, by whom, the number and duration of each app session, where people are when they access the apps, what devices and browsers they are using, what app services they are consuming, what discrete actions they are taking (log in, modify data, download content, upload content, share content, administrative actions like escalation of privileges, etc.), what content type and file or object name they are dealing with, whether it is deemed sensitive given your DLP profiles, and where and with whom it is being shared. Moreover, we normalize those activities, so you can get one consistent view across app behaviors, and can use that single truth to enforce one simple policy uniformly across all relevant apps instead of having to set policies app by app. For instance, “share” and “send,” “download” and “save,” and “edit” and “change” can each mean the same thing across different apps. Imagine that for the more than 150 different cloud storage apps in the market, of which a dozen or more could be in use your organization, you’d have to take a swivel chair approach and analyze app after app. And that’s just for cloud storage. Netskope normalizes all of these user activities across more than 50 categories of apps so you do not have to understand each app and map its activities to understand what’s going on. THE NETSKOPE ACTIVE PLATFORM LETS USERS DRILL DOWN INTO EACH ACTION OCCURRING IN A SESSION THE NETSKOPE ACTIVE PLATFORM SHOWS CLOUD APP USER ACCESS AND TRAFFIC PATTERNS AT ACME CORP.
  • 8. WHITE PAPER 8 PERFORM DEEP ANALYTICS WITH NETSKOPE ACTIVE ANALYTICS Netskope Active Analytics lets you pivot around any of the above parameters and answer any business or security question, understanding the who, what, when, and where, and with whom of any user’s or administrator’s activity within a cloud app, users’ activity overall, or activity compared to a baseline. With Netskope, you can perform granular queries, be alerted to granular behavioral anomalies, do forensic analysis after a security incident or breach, and set watch lists that will alert you on any activity. You can also run analytics on app performance, slicing by any of the visibility parameters above. DETECT ANOMALIES IN CONTEXT WITH NETSKOPE ACTIVE ANALYTICS PREVENT LOSS OF SENSITIVE DATA WITH NETSKOPE ACTIVE CLOUD DLP Netskope Active Cloud DLP is unique in preventing loss of sensitive data in the cloud in a way that is context and activity aware, works in real-time, and can be applied across any app, not app-by-app. With Netskope, you can incorporate cloud app and usage details such as the app, its category, its enterprise-readiness score per the Netskope CCI, the user or group, location of the user or app, time of day, device, browser, and user activity (e.g., “upload,” “download,” or “view”) into your policies, which helps you be precise in identifying potential data loss scenarios so you can protect data in a targeted way. This helps you increase the accuracy of sensitive data detection and protection. You can also perform introspection within certain apps to e-discover content at rest that matches a certain DLP profile, and then take action on that content such as change ownership, quarantine, or encrypt. Netskope Active Cloud DLP uses industry-standard content inspection incorporating more than 3,000 language- independent data identifiers across hundreds of categories and more than 400 file types. These come together to form DLP rules, which comprise DLP profiles. From those profiles, you can set precise, contextual policies in the Netskope Active Platform. Netskope Active Cloud DLP comes with pre-built DLP profiles or lets you easily and quickly configure custom ones. This translates to confidence that you are using proven, industry-standard DLP building blocks in your policies and protecting data in context, leading to accuracy and effectiveness.
  • 9. WHITE PAPER 9 NETSKOPE ACTIVE CLOUD DLP PROFILES ENFORCE GRANULAR POLICIES IN REAL TIME ACROSS ANY APP WITH NETSKOPE ACTIVE POLICIES Once you discover and analyze your cloud apps and their usage in the context of your business policies, Netskope Active Policies let you set and enforce granular policies that will take effect across whatever cloud apps you specify (one app, one app instance, a category of apps, or all of the cloud apps in your environment) in a few clicks. In fact, as you’re analyzing cloud app usage by clicking and drilling into the visibility parameters described above, The Netskope Active Platform is building breadcrumbs that you can turn into a policy in Netskope Active Policies at any time. Beyond incorporating contextual details such as device and location into your policy, you can incorporate apps’ CCI scores and DLP profiles into your policy-setting to narrow the contextual aperture in order to be targeted and accurate, minimizing false positives and false negatives. Finally, Netskope offers a variety of actions that you can specify as an outcome of policy non-compliance. You can block, alert, bypass, encrypt, coach users, or kick off a workflow to remediate, record, or report on the out-of- compliance event or activity. Some examples of how granular a policy can be include: ● Allow users in Sales to share any public collateral while preventing them from downloading content deemed “confidential” from a cloud storage app ● Alert IT if any user in Investor Relations shares content from a finance/accounting app with someone outside of the company ● Block any user located outside of the U.S. from downloading contacts from any CRM app ● Only allow data uploads to apps that have a CCI score of ‘Medium’ or above, and block uploads to the rest NETSKOPE ACTIVE POLICIES LET ADMINS ENFORCE CONTEXTUAL, GRANULAR POLICIES
  • 10. WHITE PAPER 10 NETSKOPE ACTIVE POLICIES LET YOU COACH USERS WITH CUSTOMIZED MESSAGING HOW THE NETSKOPE ACTIVE PLATFORM WORKS When we built the Netskope Active Platform, we envisioned giving you deep views and tons of flexibility to answer any business or security question about your organization’s cloud apps, as well as the power to enforce your policies in real time. In order to achieve this, we knew we needed to inspect cloud app traffic but also take a fundamentally different approach to looking at data and taking action. Being in the data plane carries with it a high level of responsibility, so we pulled together a group of proven veteran architects and engineers, including some of the original or founding architects from companies like NetScreen, Palo Alto Networks, Juniper, Cisco and McAfee, who have solved similar challenges in the past. We first started by looking at the application layer traffic, and, rather than deeply inspecting network packets, we developed a method for deeply inspecting cloud app transactions in real time and all calls to them, whether they were made within the confines of the corporate network or outside, from a laptop or mobile device, or from a browser or native app. We call this Deep API Inspection, or DAPII. Unlike existing pattern recognition methods that, for example, inspect “GET” and “POST” traffic in web sessions to find malicious or inappropriate websites, DAPII relies on information available from API transactions as they are actually occurring. We built connectors, or standardized integrations, for cloud apps that we use to interpret the “conversation” between browsers and apps. Connectors convey those conversations in JSON files, which contain a structure and format that allow Netskope to both understand what actions a user is performing in the app as it is happening, but also normalize those activities across all of the apps Netskope is dealing with. So, as in the prior example, if someone “shares” content in one app and “sends” it in another, Netskope will know and report on the fact that they are the same action. In short, Netskope enables you to see what is truly going on inside of an app without having to break apart or understand that app. For example, without Netskope, you may be able to see that a user went to a URL and during that session, and 973 upstream bytes were sent or retrieved, whereas Netskope gives you a much more detailed, context-aware and intelligent description of what happened: “Joe from Investment Banking, currently in Japan, shared his M&A directory with an investor at a hedge fund at 10 PM—something he has never done before.” It’s worth taking a moment to explain how we make sure that we gain visibility and enforce policy dynamically on your enterprise’s cloud app transactions and traffic. We enable and have production deployments on a host of non-mutually exclusive, in-line and out-of-band deployment options. Each with these methods has a different level of theoretical coverage, visibility, and enforcement, from the most basic to the most advanced and real-time, so it’s important to choose the right one(s) to facilitate your use cases. The options include: Out-of-band: ● Log-based. You can upload logs from your perimeter networking equipment such as your web gateway or next- generation firewall to Netskope offline. ● Introspection via API connectors. We connect to your sanctioned app using the OAuth authorization standard to give you control of content already residing in the app. Note that this only applies to apps that IT sanctions and administers.
  • 11. WHITE PAPER 11 In-line: ● Agentless. We steer your users’ on-premises cloud network traffic to the closest one of four Netskope SOC-1/SOC-2, SSAE- 16 Type 2-certified data centers around the world, which sits between your network and your cloud apps and is transparent to your users. ● Thin agent or mobile profile. We steer your users’ remote cloud network traffic to Netskope via an agent or, if a mobile device, a mobile profile ● Reverse proxy. We redirect traffic to a modified URL of your sanctioned cloud apps. Note that this only applies to apps that IT sanctions and administers. In the first out-of-band method, log analysis provides you information about what apps you have, and the Netskope Active Platform categorizes them, gives you a view of their enterprise-readiness, and gives you a risk view based on a combina- tion of those apps’ enterprise-readiness. Though useful, it’s only a small fraction of what you’d be able to see and doesn’t include the real-time policy enforcement that you’d get with the other implementations. In the second out-of-band method, app introspection gives you a deep view within specific apps that you administer. It en- ables you to e-discover and inventory both content and users of that content. It then lets you take action on that content, including re-assign ownership, set sharing permissions, quarantine files, and apply encryption of data-at-rest. The in-line methods inspect enterprise cloud app traffic to give you deep visibility, the ability to perform analytics in real-time, and dynamic policy enforcement for your enterprise cloud apps. Each level has its own level of coverage based on theoretical limitations of the method. The agentless method provides you a “touchless” way to get on-premises cloud app network traffic from the user’s PC or mobile device to the Netskope cloud for analysis. Because it sits at your network’s egress point, it is limited to on-premises network traffic. The thin agent gives you the same visibility, analytics, and enforce- ment as in the agentless, but also coverage of any device that’s outside of the four walls of your organization. And finally, the reverse proxy method gives you a “touchless” way to get cloud app visibility and control, however, it is limited only to apps you administer. NETSKOPE TOPOLOGICAL LAYOUT INTERNET DEPLOYMENT OPTIONS PUBLIC CLOUD APPS ANALYTICS & REAL-TIME POLICY ENGINE NETSKOPE ADMIN CONSOLE NETSKOPE APIs PRIVATE/HYBRID CLOUD (Thousands) REVERSE PROXY INTROSPECTION How does Netskope handle policy enforcement in the in-line deployments? When your cloud app network traffic reaches the Netskope data plane in one of our data centers, the encrypted traffic will terminate at our instance, we will interpret user activity within the apps using DAPII, and then we will disallow or take an if-then action (for, say, an alert or workflow) on whatever function from that API on which you have created a policy. As you start to enforce policies across not just one or two, but dozens of apps, Netskope becomes even more valuable. When you set a policy, you expect to be able to enforce it in one app, across a category of apps, or universally across all of your cloud apps. Because Netskope does the heavily lifting to identify and normalize behaviors in all cloud apps, when you set a policy once you know that it will be carried out across all of the apps you want it to. So, when you set a granular policy such as “Let people in my call center use CRM, but don’t let them download customer contacts onto a mobile device if they’re outside of my country,” or set policies about what apps you will and won’t allow based on their CCI score, you know that those policies will be enforced immediately before an undesired act occurs… and that you can do it at network speed and enterprise scale.
  • 12. WHITE PAPER 12 ABOUT NETSKOPE Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence. ABOUT EVERYCLOUD EveryCloud is a UK-based cyber security specialist that helps organisations in any sector to drive the most value from their cloud services and remain Cloud Confident in a constantly changing threat landscape. Focused on Internet and Cloud App infrastructure access, Cloud Application Security, Data Loss Prevention (DLP), Compliance, and Identity Access/Single Sign On solutions, EveryCloud works with the world’s leading cloud access security brokers including Netskope™. EveryCloud’s award-winning founders pioneered unified communications and cloud telephony in the UK, building a business that became a member of the Fast Tech Trek 100 and one of the UK’s fastest growing telecoms providers. ®