Security for the “cloud everything” era

As you read in Sanjay’s blog post, we are excited to announce that we closed a $100 million series E funding round. This is awesome news for the team here at Netskope, because this new funding is the critical fuel that we will use to continue building the Netskope cloud security platform. We believe that a new approach is needed to solve the challenges that enterprise are facing with the rapid adoption of the cloud. One such challenge is the security risk posed by the increasingly blurred lines between cloud and web.

Netskope was founded with the belief that the far-reaching impact of the cloud would require a fundamentally new approach to security. To that end, we built our solution with a few key tenets in mind:

• The first is that organizations would, wittingly or unwittingly, use many cloud services, and only a few of them would be administered centrally by IT.
• The second is that people would access those apps from everywhere, on a multitude of devices.
• And the third is that, rather than block apps outright, IT would prefer to govern what people do in them.

Those tenets drove our architectural choices, and are the source of our differentiation in the market. Let’s look at some of these drivers in a little more detail.

An Explosion of Cloud and the Unsanctioned Cloud

Netskope has done thousands of cloud risk assessments. Data from these risk assessments show that over one thousand cloud applications are in use at a typical enterprise. What’s important to note is that while IT may have sanctioned a few dozen (at most) of these cloud applications, the rest are driven by business units or teams being unshackled from the restrictions of an IT procurement and deployment process. Every employee in the enterprise may also choose to adopt their own preferred cloud app; often taking advantage of the freemium model of many cloud apps to get their work done. A lot of times it is hard for IT to distinguish between the enterprise sanctioned and the employee adopted instances of the same cloud app.  

Teams within an enterprise are rapidly adopting IaaS or PaaS solutions to build their own applications without waiting for IT to procure, deploy and manage the infrastructure needed to support these applications.   

Each one of these unsanctioned SaaS or custom applications built on IaaS or PaaS infrastructure use public or private APIs that are opaque to legacy security solutions. The ramifications of an API call may not be clear from the context gleaned from just looking at the network traffic.   A modern security solution needs to understand these API calls in order to address the risks created by this explosion of cloud services.

Anywhere Access

Enterprise users today expect to be able to access their collaboration or business critical applications from anywhere, at any time and from any device. Being at work is no longer defined by the location of the employee but is a function of their activities. Work is not a place you go, it’s a thing you do. Work may involve not just using a traditional desktop or even a laptop but also a mobile device like a smartphone or a tablet. And the data may be accessed from not just a browser but an app or a sync client.    

Legacy solutions are unable to glean the context of the user activities from the use of cloud services from modern devices and with modern access methods. Why is that? In a typical cloud transaction, API calls may be pipelined as well as multiplexed over HTTP/S. What that means in layman’s terms is that you cannot just look at the first few bytes of a connection or even the entirety of a single HTTP connection, but have to stitch together activities that may occur within a connection as well as across connections to be able to correctly interpret the end result.

Safely Enable — Don’t Block

Enterprises need to allow all access to sanctioned cloud applications and business related usage of corporate data while protecting against data exfiltration and the infiltration of malware.   

Cloud is an unsecured channel at a typical enterprise,  where legacy solutions take an allow or block approach to cloud usage.   New blended threats use this knowledge to infiltrate an Enterprise by using a combination of web and cloud services.

Enterprises also need the ability to distinguish between instances of cloud applications to be able to ensure that corporate data is used in compliance with policy and regulatory frameworks.  

We have talked about our approach to this extensively in blog posts like this.

The blurring line between cloud and web

It is getting harder and harder to distinguish between cloud and web. A web page today is dynamic, a composite formed from many API calls to many other cloud and web services. A page may load ads from one service, static images from another, let readers share content on social media and may allow comments through an integrated forum. Is this a cloud app or a dynamic web page? We believe that this is an artificial distinction that will quickly fade away. Enterprises need a modern security solution that spans both cloud and web and is able to distil all of the dynamic content and API calls that are occurring and provide actionable security context.

The Netskope Approach

The Netskope cloud security platform is the right platform to protect the enterprise by providing:

Comprehensive coverage: Ability to secure sanctioned SaaS applications, social media applications, unsanctioned cloud apps, cloud infrastructure services and, later this year, web activity  

Context driven: Deep understanding of APIs, ability to dynamically parse unpublished APIs across known as well as unfamiliar services to accurately identify context and content of user activity across both cloud and web.

Unified Policy: Single policy engine that enables clear configuration and consistent enforcement across managed/unmanaged devices, on-premises and remote user access

Advanced Threat Protection: Robust threat prevention that spans cloud and web with multiple threat detection engines, proprietary threat intelligence powered by Netskope Threat Research Labs, and unique third party integrations

Advanced Data Loss Prevention: Protection against sensitive data loss across all cloud and web usage

A Security Platform that Evolves with the Ever-changing Way that People Work

Cloud adoption is an unstoppable force and continues to dominate the mindshare of enterprise CIOs and CISOs. The exponential growth of the cloud has upended the central tenets of the security industry — the network perimeter and IT control of end-user applications.

All enterprises recognize the need to modernize their security policies for the cloud but are struggling to find the right security approach that addresses all their cloud security needs. There are a plethora of security vendors that claim to address some of the challenges resulting from this broad cloud adoption but each of them focuses on a particular silo and misses the bigger picture.

Security leaders need to take a cloud first approach when looking at the right security solutions for their enterprise in a way that fits with how people actually work today. Cloud security solutions that work enable security teams to take a nuanced approach to understanding, safely enabling and controlling enterprise data without slowing the adoption of the cloud, while providing the context needed to act quickly and decisively.

Stay tuned for more exciting news as we continue our journey to provide comprehensive security for the enterprise in a cloud-first world.