Standing Up an Effective Cloud Security Program

When we started Netskope more than three years ago, I truly believed that we were addressing an important problem for enterprise security teams – how to gain back the visibility and control that they were losing as the rapid growth of cloud-based apps dissolved their enterprise perimeter. In those early days, many of the IT leaders I spoke with didn’t immediately appreciate the problem. Maybe they were in denial. Over time, though, more and more turned their attention to shadow IT and cloud app usage, as well as the associated risk..

I’m gratified to see that many companies are eager to understand how cloud apps are being used in their organizations and are now moving to implement new controls for cloud app usage. It’s amazing to see how far we’ve come in just a few short years.

As we’ve worked with more of our customers as they move from their initial discovery efforts to implementing cloud app controls, we have continued enhancing our platform to give them the operational capabilities they need to make these new controls work well in their organizations. In some cases, this meant that we needed to integrate with the existing tools that they had in place for their security operations (Sec Ops) teams. So we used our REST API to connect to and enhance tools like security information and event management (SIEM) platforms from Splunk to IBM QRadar and HP ArcSight.

As Netskope becomes a critical part of enterprises’ infrastructure, we continue to build higher order capabilities directly into the Netskope platform. Today we are announcing an exciting new set of incident management and role-based access control capabilities that are designed to help enterprise security teams more quickly ramp up their cloud security programs. We realize that it’s important to respond to security incidents quickly and completely, so we’ve made some important enhancements to our platform with that goal in mind:

• Closed-Loop Workflows: Our new workflow capabilities are designed to help enterprise security teams manage the end-to-end incident management process from incident discovery to resolution. A workflow for admins and analysts helps security teams assign owners, escalate incidents for review, manage incident severity and communicate within the team with incident tags and notes. The remediation workflow provides the security analyst with options to take actions such as notifying users or protecting sensitive data as well as managing exceptions and false positives.
• Detailed Forensics: We provide a wealth of detailed, contextual information for each incident. Here we benefit from Netskope’s unique ability to look deep into cloud app traffic. The analyst can quickly see which policy was violated and any action taken. In addition, he can see any sensitive data in context and also a range of additional information for each incident including the user, device, location, app and app instance. This gives the analyst complete context to make well informed decisions.
• Incident History: Our event-by-event incident history interlaces all activities for a given incident. This includes all relevant user activities, policy triggers and all actions taken by admins and analysts to manage and remediate the incident. With a detailed timeline of these events, analysts and auditors are able to track progress on incidents and confirm a successful resolution.
• Customizable Role-Based Access Control: As we’ve worked with more companies, we’ve found many similarities across different Sec Ops teams, but have also seen that each customer has its own unique twist on how they organize themselves. With that in mind, we’ve made some significant enhancements to Netskope’s role-based access control. We’ve expanded the number of pre-defined admin and analyst roles from three to 11. More importantly, we’ve added a very granular ability to define custom roles by both admin functions and organizational scope, all the way down to user/group/OU, location and even app and app instance.

If you’d like to read more about this announcement, check out our press release. There is also a demo video available that will show you some of these new capabilities in action.