Quantifizieren Sie den Wert von Netskope One SSE – Holen Sie sich die Forrester Total Economic Impact-Studie™ 2024

Schließen
Schließen
  • Warum Netskope? Chevron

    Verändern Sie die Art und Weise, wie Netzwerke und Sicherheit zusammenarbeiten.

  • Unsere Kunden Chevron

    Netskope betreut weltweit mehr als 3.400 Kunden, darunter mehr als 30 der Fortune 100

  • Unsere Partner Chevron

    Unsere Partnerschaften helfen Ihnen, Ihren Weg in die Cloud zu sichern.

Ein führendes Unternehmen im Bereich SSE. Jetzt ein führender Anbieter von SASE.

Erfahren Sie, warum Netskope im Gartner® Magic Quadrant™️ 2024 für Single-Vendor Secure Access Service Edge als Leader debütiert

Report abrufen
Customer Visionary Spotlights

Lesen Sie, wie innovative Kunden mithilfe der Netskope One-Plattform erfolgreich durch die sich verändernde Netzwerk- und Sicherheitslandschaft von heute navigieren.

Jetzt das E-Book lesen
Customer Visionary Spotlights
Die partnerorientierte Markteinführungsstrategie von Netskope ermöglicht es unseren Partnern, ihr Wachstum und ihre Rentabilität zu maximieren und gleichzeitig die Unternehmenssicherheit an neue Anforderungen anzupassen.

Erfahren Sie mehr über Netskope-Partner
Gruppe junger, lächelnder Berufstätiger mit unterschiedlicher Herkunft
Ihr Netzwerk von morgen

Planen Sie Ihren Weg zu einem schnelleren, sichereren und widerstandsfähigeren Netzwerk, das auf die von Ihnen unterstützten Anwendungen und Benutzer zugeschnitten ist.

Whitepaper lesen
Ihr Netzwerk von morgen
Netskope Cloud Exchange

Cloud Exchange (CE) von Netskope gibt Ihren Kunden leistungsstarke Integrationstools an die Hand, mit denen sie in jeden Aspekt ihres Sicherheitsstatus investieren können.

Erfahren Sie mehr über Cloud Exchange
Luftaufnahme einer Stadt
  • Security Service Edge Chevron

    Schützen Sie sich vor fortgeschrittenen und cloudfähigen Bedrohungen und schützen Sie Daten über alle Vektoren hinweg.

  • SD-WAN Chevron

    Stellen Sie selbstbewusst sicheren, leistungsstarken Zugriff auf jeden Remote-Benutzer, jedes Gerät, jeden Standort und jede Cloud bereit.

  • Secure Access Service Edge Chevron

    Netskope One SASE bietet eine Cloud-native, vollständig konvergente SASE-Lösung eines einzelnen Anbieters.

Die Plattform der Zukunft heißt Netskope

Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) und Private Access for ZTNA sind nativ in einer einzigen Lösung integriert, um jedes Unternehmen auf seinem Weg zur Secure Access Service Edge (SASE)-Architektur zu unterstützen.

Netskope Produktübersicht
Netskope-Video
Next Gen SASE Branch ist hybrid – verbunden, sicher und automatisiert

Netskope Next Gen SASE Branch vereint kontextsensitives SASE Fabric, Zero-Trust Hybrid Security und SkopeAI-Powered Cloud Orchestrator in einem einheitlichen Cloud-Angebot und führt so zu einem vollständig modernisierten Branch-Erlebnis für das grenzenlose Unternehmen.

Erfahren Sie mehr über Next Gen SASE Branch
Menschen im Großraumbüro
SASE-Architektur für Dummies

Holen Sie sich Ihr kostenloses Exemplar des einzigen Leitfadens zum SASE-Design, den Sie jemals benötigen werden.

Jetzt das E-Book lesen
SASE-Architektur für Dummies – E-Book
Steigen Sie auf marktführende Cloud-Security Service mit minimaler Latenz und hoher Zuverlässigkeit um.

Mehr über NewEdge erfahren
Beleuchtete Schnellstraße mit Serpentinen durch die Berge
Ermöglichen Sie die sichere Nutzung generativer KI-Anwendungen mit Anwendungszugriffskontrolle, Benutzercoaching in Echtzeit und erstklassigem Datenschutz.

Erfahren Sie, wie wir den Einsatz generativer KI sichern
ChatGPT und Generative AI sicher aktivieren
Zero-Trust-Lösungen für SSE- und SASE-Deployments

Erfahren Sie mehr über Zero Trust
Bootsfahrt auf dem offenen Meer
Netskope erhält die FedRAMP High Authorization

Wählen Sie Netskope GovCloud, um die Transformation Ihrer Agentur zu beschleunigen.

Erfahren Sie mehr über Netskope GovCloud
Netskope GovCloud
  • Ressourcen Chevron

    Erfahren Sie mehr darüber, wie Netskope Ihnen helfen kann, Ihre Reise in die Cloud zu sichern.

  • Blog Chevron

    Erfahren Sie, wie Netskope die Sicherheits- und Netzwerktransformation durch Secure Access Service Edge (SASE) ermöglicht

  • Events und Workshops Chevron

    Bleiben Sie den neuesten Sicherheitstrends immer einen Schritt voraus und tauschen Sie sich mit Gleichgesinnten aus

  • Security Defined Chevron

    Finden Sie alles was Sie wissen müssen in unserer Cybersicherheits-Enzyklopädie.

Security Visionaries Podcast

Prognosen für 2025
In dieser Folge von Security Visionaries diskutieren wir mit Kiersten Todt, President bei Wondros und ehemaliger Stabschef der Cybersecurity and Infrastructure Security Agency (CISA), über Prognosen für 2025 und darüber hinaus.

Podcast abspielen Alle Podcasts durchsuchen
Prognosen für 2025
Neueste Blogs

Lesen Sie, wie Netskope die Zero-Trust- und SASE-Reise durch SASE-Funktionen (Secure Access Service Edge) ermöglichen kann.

Den Blog lesen
Sonnenaufgang und bewölkter Himmel
SASE Week 2024 auf Abruf

Erfahren Sie, wie Sie sich in den neuesten Fortschritten bei SASE und Zero Trust zurechtfinden können, und erfahren Sie, wie sich diese Frameworks an die Herausforderungen der Cybersicherheit und Infrastruktur anpassen

Entdecken Sie Sitzungen
SASE Week 2024
Was ist SASE?

Erfahren Sie mehr über die zukünftige Konsolidierung von Netzwerk- und Sicherheitstools im heutigen Cloud-dominanten Geschäftsmodell.

Erfahre mehr zu SASE
  • Unternehmen Chevron

    Wir helfen Ihnen, den Herausforderungen der Cloud-, Daten- und Netzwerksicherheit einen Schritt voraus zu sein.

  • Karriere Chevron

    Schließen Sie sich den 3.000+ großartigen Teammitgliedern von Netskope an, die die branchenführende Cloud-native Sicherheitsplattform aufbauen.

  • Kundenlösungen Chevron

    Wir sind für Sie da, stehen Ihnen bei jedem Schritt zur Seite und sorgen für Ihren Erfolg mit Netskope.

  • Schulungen und Akkreditierungen Chevron

    Netskope-Schulungen helfen Ihnen ein Experte für Cloud-Sicherheit zu werden.

Unterstützung der Nachhaltigkeit durch Datensicherheit

Netskope ist stolz darauf, an Vision 2045 teilzunehmen: einer Initiative, die darauf abzielt, das Bewusstsein für die Rolle der Privatwirtschaft bei der Nachhaltigkeit zu schärfen.

Finde mehr heraus
Unterstützung der Nachhaltigkeit durch Datensicherheit
Helfen Sie mit, die Zukunft der Cloudsicherheit zu gestalten

Bei Netskope arbeiten Gründer und Führungskräfte Schulter an Schulter mit ihren Kollegen, selbst die renommiertesten Experten kontrollieren ihr Ego an der Tür, und die besten Ideen gewinnen.

Tritt dem Team bei
Karriere bei Netskope
Die engagierten Service- und Support-Experten von Netskope sorgen dafür, dass Sie unsere Plattform erfolgreich einsetzen und den vollen Wert ihrer Plattform ausschöpfen können.

Gehen Sie zu Kundenlösungen
Netskope Professional Services
Mit Netskope-Schulungen können Sie Ihre digitale Transformation absichern und das Beste aus Ihrer Cloud, dem Web und Ihren privaten Anwendungen machen.

Erfahren Sie mehr über Schulungen und Zertifizierungen
Gruppe junger Berufstätiger bei der Arbeit

Gartner Research Spotlight: How to Evaluate and Operate a Cloud Access Security Broker

Dec 18 2015
Tags
Cloud Best Practices
Cloud Security
Tools and Tips

The cloud access security broker (CASB) market is gaining a lot of momentum as more organizations look for a solution to help them with cloud service visibility, security, and compliance. Gartner estimates that by 2020, 85% of large enterprises will use a CASB solution for their cloud services, which is up from fewer than 5% in 2015. Customers today have a variety of options when it comes to choosing a CASB vendor and the selection process can be confusing given the variety of vendor capabilities. Just in time for the holidays, Gartner is helping customers maneuver the CASB landscape by authoring a research paper titled “How to Evaluate and Operate a Cloud Access Security Broker”.

I would like to use this opportunity to share some of the highlights of Gartner’s paper and provide a Netskope perspective on the “access centric” piece of the Gartner CASB framework. I will touch on the “threat centric” piece in a future blog post.

In this paper, Gartner uses their Adaptive Security Architecture to help IT security leaders develop a CASB strategy that is based on a continuous and adaptive approach to cloud security and governance. Here is a synopsis of each of Gartner’s best practices and Netskope’s commentary on each of these. You can get the full Gartner paper here.

Achieve Cloud Service Visibility and Perform a Risk and Compliance Assessment

To understand the risks associated with the use of cloud services, enterprises need visibility into what cloud services are already in use (and by which people); the sensitivity of the data being handled; which devices are used to access that data; and from where it’s accessed. In almost all cases, even when enterprises feel they have a good understanding of cloud services use, unsanctioned (also referred to as “shadow IT” or “citizen IT”) usage is taking place.

Netskope Take
Gartner presents what is often a critical starting point to assessing risk with cloud usage: The need to see what is going on in your environment. Although Gartner states that the capability of discovery itself is becoming a commodity, Netskope believes there is an opportunity to expand the scope of discovery to make sure that apps, data, users, devices, and location also cover unsanctioned cloud usage. Understanding what activities are occurring in your environment (e.g. sensitive data being uploaded to unsanctioned cloud apps) is a key component of assessing your risk. Many CASB vendors can help you assess risk at the activity level for sanctioned cloud apps, and can only see activities for the sanctioned apps they manage. Only Netskope allows you to see risky activities across both sanctioned and unsanctioned cloud apps.

Use the CASB to Select Appropriate Cloud Services

Enterprises need to continue to understand and verify the compliance and security posture of this cloud service. Leading CASBs have genuine intellectual property with their cloud service assurance databases. A well-designed reporting tool into this database will enable organizations to specify a template of the features and options that cloud services must have before they can even be considered for use by an organization.

Netskope Take
Assessing the risk of the cloud app itself is absolutely a critical best practice. Netskope has a dedicated team that researches tens of thousands of cloud apps and assigns an enterprise-readiness score (Cloud Confidence Index) to each. This is based on objective criteria taking in account the Cloud Security Alliance (CSA) Cloud Controls Matrix in addition to our own research. There are two key use cases that this addresses. The first is tying this to the discovery of cloud apps running in your environment and measuring the enterprise-readiness of each of the discovered app so you can assess risk. The other use case is for vendor assurance or vetting new cloud apps that you are looking to bring into your environment. Netskope can be your outsourced due-diligence team and you can use our service as a “consumer reports for your cloud apps”.

Plan for Adaptive Access

To manage risk, enterprises are looking to CASB providers for the ability to apply real-time context to the decision as to whether a cloud service should be accessed — for example, restricting access based on the location, time of day or whether the device is enterprise-managed.

Netskope Takenace

This best practice is critical. Context is key when it comes to determining whether a cloud service should be accessed. Without context, you are forced to take a sledgehammer approach to cloud usage policies and perform an allow vs. block at a coarse-grained level. Understanding who the user is, what device they are connecting from, whether it is managed or unmanaged, what activity they are performing, and what data they are working with will help you be laser focused in putting policies in place. The net-result is you don’t have to perform wide-sweeping block policies that impact users performing real work. You can target specific cases that pose a risk and minimize the sacrificial lambs.

Treat the Encryption and Tokenization of Data with Care

Several CASB solutions support the optional encryption and/or tokenization of data (at the field- or the file-content/object level), so that enterprises can meet the legal and regulatory requirements of their industries or countries. Implemented properly, data protection using encryption/tokenization, while the enterprise maintains control of the key/tokenization dictionary, can be a powerful way to protect sensitive data in the cloud. It can also prevent the cloud service provider from seeing it, if necessary, to satisfy compliance policy requirements. However, when implemented as an in-line proxy, this may create a single point of failure for the cloud service being accessed. If the CASB solution is down, access may not be possible, or, if accessible, the data may be unintelligible. Likewise, if the CASB mapping of the cloud service functionality is incorrect, due to a cloud service update, the CASB may effectively break the cloud service. More importantly, the encryption and or tokenization of data will often affect the end-user functionality of the SaaS application — specifically, search, indexing, sorting, numeric operations at the field level and functions such as document preview in an EFSS, if an object-level attachment is encrypted. Because of these issues, external cloud data protection should only be considered only when it is demanded by regulatory requirements.

Netskope Take

Encryption-iconEncryption is a key part of any cloud security strategy. Netskope provides strong encryption capabilities to enhance security and confidentiality of content exposed to the cloud. Files can be selectively encrypted in flight to avoid indexes for sensitive data, augmenting the confidentiality capabilities of providers that already offer encryption, or bulk processed to bring encryption to services that don’t offer it natively. Gartner’s warnings around cloud encryption are absolutely correct. It is important to understand the trade-offs that come with it and the specific use cases where it makes sense along with the use cases where maybe not be applicable.

Continuously Verify Secure and Compliant Sensitive Data Usage

Most enterprises have a blind spot when sensitive data is stored in cloud services. The CASB platform should provide for continuous sensitive data monitoring — sometimes referred to as “cloud DLP” — through APIs or via in-line inspection. Here, the CASB solution should provide an understanding and a mapping of sensitive information flows — who, what, when where and why — even if no action is taken.

Netskope Take

Cloud DLP is a critical part of any cloud security strategy and Gartner accurately points out that context needs to be applied to DLP so you can map to a cloud security policy to handle sensitive data leakage. Netskope offers the most powerful cloud DLP out of any CASB vendor. More than 3,000 data identifiers, 500 file types, out of the box compliance profiles such as PCI, PHI, and PII, and advanced features such as proximity, fingerprinting, and exact match make up a powerful DLP engine. Extend that DLP engine with integration to on-premises data loss prevention software offerings along with the ability to point our DLP engine in context to both sanctioned and unsanctioned sets our “noise-cancelling” cloud DLP solution apart from the CASB pack.

Continuously Verify Secure and Complaint Usage

In addition to sensitive data monitoring, we believe that all cloud activities (actions and transactions) should be continuously monitored, logged and analyzed, and ideally, they should provide the alternative to real time, cloud service, transactional (actions within the cloud service) decision making on a per user, application, device or transaction basis. This is a more granular form of adaptive access, based on context — for example, downloading customer records from Salesforce. At a minimum, this action would be logged. If the context of the action violates policy — for example, downloading customer records onto an unmanaged device — then the action could be blocked or a warning message could be displayed to the user before allowing the process to proceed. Alternatively, a step-up authentication method, such as an out-of-band text message, could be triggered if anyone suspects the account has been compromised.

Enterprises should favor CASB vendors that provide embedded user and entity behavior analytics (UEBA) capable of baselining the actions of specific users, groups, devices, apps and roles, and using this context to detect anomalous behaviors that might indicate an insider threat, data exfiltration activity or someone using compromised credentials. For example, if a user is downloading an abnormally large amount of customer data, as compared with what is normal for him or her (or for his or her peers), an event could be generated, or the requested download could be blocked.

Netskope Take

There is an obvious theme that is bubbling to the top and that is the importance context plays when getting visibility into cloud usage. Context is also important when it comes to behavior analysis and determining when activities are abnormal. Netskope leverages our unique capability to see activity-level details across sanctioned and unsanctioned cloud apps and uses context and anomaly detection algorithms to determine when an activity is outside of the norm.

Investigate and Respond to Exceptions
Exceptions will be flagged in the access and use of cloud services that must be investigated. Because the core of any enterprise CASB strategy (and of the framework) is based on continuous visibility, this data must be available to a security analyst to investigate incidents that have been flagged, including in existing tools, such as security information and event management (SIEM). In some cases, no action will be needed. In other cases, adjustments to policies may be required — for example, providing a given user or group more or less access. Leading CASBs are becoming increasingly sophisticated, enabling the exception response to be automated and making the data or process owners (and not IT) the primary escalation and action point for workflow.

Netskope Take

The need for continuous visibility drives the requirement to have a system in place to manage exception on an ongoing basis. External SIEM tools are a key extension to CASB and Netskope specifically provides integration with a variety of 3rd party SIEM platforms. What is more is that Netskope leverages a REST API to make available all the rich contextual data involving apps, users, devices, location, data, and activities directly to the SIEM so activities can be correlated and exceptions can be properly managed.

Manage Usage

In addition to managing exceptions, the rich amount of cloud services usage data can be analyzed and used to better manage cloud use. For example, to enable an operations or security analyst to visualize overall usage and activities, as described previously, business unit application owners should also be able to view this data and make intelligence-driven decisions as to access and licensing. Ideally, the CASB platform provides visualization capabilities to visualize and understand trending, as well as highlighting over-licensing or under-licensing situations. In addition to the native management console, the event data stream should be exportable to enterprise SIEM systems for analysis and compliance reporting. If policy changes are considered, the CASB solution should provide the ability to proactively model the impact and risk of making the change before the change is implemented.

Netskope Take

This is a great way to close on the best practices for cloud services access. A CASB is only as useful as the data you are able to get out of it. Netskope provides a risk dashboard to help customers visualize their risk based on apps discovered, use activity, compromised credentials and a number of criteria. Netskope also provides an app analytics facility where you can slide and dice data to get the answers you are looking for along with custom reports that are generated from ad-hoc queries. This is extremely powerful enabling you to get answers to questions like “show me download activity for users that are about to leave the company.

Summary

The CASB market is gaining momentum and 2016 just might be the year of the CASB. If you are evaluating CASB, I highly recommend taking a look at the Gartner paper, “How to Evaluate and Operate a Cloud Access Security Broker” and obviously take a look at Netskope.

author image
Bob Gilbert
As Vice President of Strategy and Chief Evangelist at Netskope, Bob is dedicated to helping clients transform their security and networking infrastructure.
As Vice President of Strategy and Chief Evangelist at Netskope, Bob is dedicated to helping clients transform their security and networking infrastructure.

Bleiben Sie informiert!

Abonnieren Sie den Netskope-Blog