
Nov 30 2021

Creating a Cloud Security Stack for AWS Control Tower

Co-authored by Andy Horwitz and Yuri Duchovny

Today, Netskope released a new cloud security solution to help AWS customers provide consistent security across all their AWS accounts by leveraging AWS Control Tower. Many AWS customers follow the multi-account framework as a best practice to isolate teams and workloads in the cloud. This can introduce overhead in policy configuration and management.

To help solve this problem, Netskope is releasing a specific solution for AWS Control Tower that automates the deployment of both Cloud Security Posture Management and the S3 Storage Scan for sensitive information identification and malware detection. This solution, built for AWS Control Tower, enables security controls to be deployed and replicated across a multi-account AWS environment managed by AWS Control Tower. AWS Control Tower, along with Netskope and other AWS Control Tower security solutions from CrowdStrike and Okta, implements security best practices based on AWS’s experience working with thousands of customers along their journey to the cloud. AWS Control Tower enables builders to provision new AWS accounts in a few clicks and then, using AWS CloudFormation templates, deploy the Netskope security controls and data loss prevention solutions across all of their accounts. With this new solution, Netskope enables governance best practices using Control Tower.

Figure 1. Netskope CSPM and Storage Scan services with AWS Control Tower Architecture Diagram

The Netskope Cloud Security Posture Management (CSPM) and Storage Scan services are multi-account security solutions that provide visibility into resources, configurations, data protection, and malware on the AWS cloud. By implementing this solution, you can identify and remediate risky misconfigurations, identify sensitive data (DLP), and detect malware and ransomware.

Netskope helps organizations maintain compliance and best practices, audit security configurations, prevent data exposure, and detect “shadow IaaS” services with real-time controls.

To support our customers, we have created a Netskope AWS Control Tower Implementation Guide to enable every AWS Marketplace customer to seamlessly activate, deploy and configure the Netskope CSPM and Storage Scan in the AWS Control Tower environment while taking full advantage of the resources pre-configured by AWS Control Tower as part of the initialization.

And for our European customers, Netskope is part of the initial launch of the AWS EMEA Marketplace, allowing all European customers to buy from the AWS Marketplace using their main accounts and using local currency.

How to get started and learn more about this new Netskope offering:

  • For information about setting up an AWS Control Tower landing zone, see Getting Started with AWS Control Tower. You also need administrator privileges in the AWS Control Tower management account.
  • Check out the new Netskope Control Tower listing in the AWS Marketplace
  • If you are attending re:Invent 2021, come meet with us in the AWS Control Tower booth on Dec 1, 2021 from 10-1pm
  • The Netskope solution source code can be found in the GitHub repository
  • Contact us [email protected]
About the author
Andy Horwitz currently serves as VP, Business Development and Technology Alliances for Netskope.