Netskope is a leading cloud security platform that offers comprehensive solutions to address the challenges of securing cloud services, web traffic, and cloud data. It enables businesses to securely embrace the benefits of cloud services, manage web traffic, and protect sensitive data across diverse cloud environments. Its capabilities are commonly classified under the secure access service edge (SASE) category. By providing visibility, control, and compliance tools, Netskope equips organizations with the means to mitigate risks, detect threats, and maintain regulatory compliance, ensuring a secure and resilient foundation for their digital operations.
Security is a shared responsibility between Netskope and each customer. The shared model can help relieve the customer’s operational burden, as Netskope operates and manages the required Netskope infrastructure for customer environments. Customers assume the responsibility for and management of their owned assets, ensuring these meet their own policies and control environment requirements.
The following table illustrates the division of responsibilities between Netskope and its customers. This applies only to the Netskope services procured by the customer.
Responsibilities | Netskope | Customer | Shared |
Netskope Infrastructure Security | ✔ | | |
Netskope Platform and Application Security | ✔ | | |
Monitoring and Incident Response | ✔ | | |
Customer Information and Data Security | | | ✔ |
Customer Data Management | | | ✔ |
Customer Accounts and Access Management | | ✔ | |
Configuration Management | | ✔ | |
Asset (PCs and Mobile) | | ✔ | |
Security Compliance to Regulations | | | ✔ |
Risk Management | | | ✔ |
Business Continuity and Disaster Recovery | | | ✔ |
Software Updates and Patching | | | ✔ |
Network Configuration and Management | | | ✔ |
Netskope owns the responsibility for the security of the infrastructure, platform and applications hosted on the Netskope platform, whereas customers own the responsibility for access management for those applications and for maintaining and configuring the applications and policies according to their internal security policies.
Netskope and each customer share the responsibility for information and data security, data management, software updates and patching, network configuration and management, security compliance and regulation, and business continuity and disaster recovery. Within each shared area, Netskope is responsible for the boundaries managed by Netskope, and the customer is responsible for the boundaries managed by the customer.
Each customer is responsible for identifying and implementing the initial and ongoing selection of appropriate services options and configurations for the discrete compliance and security requirements for that customer.
Infrastructure Security: Netskope is responsible for the security of its infrastructure, including data centers, networks, and hardware.
Platform and Application Security: Netskope is responsible for security of its platform and hosted applications.
Monitoring and Incident Response: Netskope monitors its systems for security threats and responds to security incidents that occur within its platform.
Accounts and Access Management: Customers are responsible for the security of the accounts and access to the services and applications purchased from Netskope, such as tenant access and the accounts configured in those tenants. This includes configuring the authentication options allowed for the tenant, i.e. Netskope native authentication (local accounts, including the tenant administrator account) and/or SSO enablement.
Customers are also responsible for monitoring access to their tenants and responding to any unauthorized access attempts.
Configuration Management: Customers are responsible for configuring Netskope’s services according to their security policies and requirements, including security hardening, configuring logging and auditing settings, authentication, and defining security policies for their users. Netskope has published a security hardening best practices guide to support customer hardening configurations.
Asset (PCs and Mobile): Customers are responsible for maintaining and auditing the assets that they secure using Netskope products and services.
Shared Responsibilities
Customer Data Management: Netskope and customers share the responsibility of managing the data which belongs to customers. Customers are responsible for setting the configurations, controls, and policies that govern uploading data to the Netskope platform, and Netskope is responsible for securely storing the data and purging it, as needed.
Customer Data and Information Security: Netskope and customers share the responsibility for data and information security. Customers control what type of data needs to be secured and which Netskope service is used to secure it, whereas Netskope ensures the security of data when it is stored, processed and analyzed by Netskope services within the Netskope platform.
Software Updates and Patching: Netskope and customers share responsibility for keeping software up to date with the latest security patches and updates to protect against known vulnerabilities. Netskope’s responsibility is to provide the patch and keep the security cloud platform updated; customers are responsible for updating and patching the software and applications in their environment.
Risk Management: Both parties share the responsibility for identifying, assessing, and mitigating security risks associated with the use of Netskope’s services.
Security Compliance to Regulations: Netskope can support customers with best-in-class security technology, but achieving and maintaining regulatory and other requirements remains the customer's responsibility, while Netskope ensures the technology is available for use and maintains strong health and performance. To support data sovereignty and privacy, Netskope has many solutions and features, which we will continue to develop and maintain; however, our customers will need to work with their business partners and regulators to achieve compliance.
Business Continuity and Disaster Recovery: Netskope and customers share responsibility for business continuity and disaster recovery. Netskope has built a resilient, high-availability infrastructure and solution with NewEdge to support customer business continuity and disaster recovery planning with Netskope’s services. Customers must configure and leverage the configurations and services available from Netskope to meet their business continuity and disaster recovery requirements and to minimize the impact of any interruption to Netskope’s services and solutions. Netskope has published a Netskope Disaster Recovery plan, available on request and under NDA, outlining the disaster recovery options supported by Netskope along with the customer responsibilities during an outage; these can be incorporated into customer BCP/DR plans.
Network Configuration and Management: While Netskope is responsible for the networking configuration and management of its platform infrastructure and applications, customers are responsible for configuring their networks to ensure smooth and secure connectivity between their systems and the Netskope cloud platform and applications.
For your convenience, Netskope has published additional guidance on secure tenant configuration and hardening.