Netskope named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge. Get the Report.

  • Platform

    Unrivaled visibility and real-time data and threat protection on the world's largest security private cloud.

  • Products

    Netskope products are built on the Netskope Security Cloud.

Netskope delivers a modern cloud security stack, with unified capabilities for data and threat protection, plus secure private access.

Explore our platform

Netskope Named a Leader in the 2022 Gartner Magic Quadrant™ for SSE Report

Get the report

Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn more

Prevent threats that often evade other security solutions using a single-pass SSE framework.

Learn more

Zero trust solutions for SSE and SASE deployments

Learn more

Netskope enables a safe, cloud-smart, and fast journey to adopt cloud services, apps, and public cloud infrastructure.

Learn more
  • Customer Success

    Secure your digital transformation journey and make the most of your cloud, web, and private applications.

  • Customer Support

    Proactive support and engagement to optimize your Netskope environment and accelerate your success.

  • Training and Certification

    Netskope training will help you become a cloud security expert.

Trust Netskope to help you address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Learn more

We have qualified engineers worldwide, with diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ready to give you timely, high-quality technical assistance.

Learn more

Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn more
  • Resources

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog

    Learn how Netskope enables security and networking transformation through security service edge (SSE).

  • Events & Workshops

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Bonus Episode: The Importance of Security Service Edge (SSE)

Play the podcast

Read the latest on how Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog

Netskope at RSA 2022

Meet and speak with Netskope security specialists at RSA.

Learn more

What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn more
  • Company

    We help you stay ahead of cloud, data, and network security challenges.

  • Why Netskope

    Cloud transformation and work from anywhere have changed how security needs to work.

  • Leadership

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Partners

    We partner with security leaders to help you secure your journey to the cloud.

Netskope enables the future of work.

Find out more

Netskope is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Learn more

Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team

Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn more
Blog Data Protection Cloud DLP reference architecture: Six tenets for accurate and efficient cloud data loss prevention
Sep 14 2015

Cloud DLP reference architecture: Six tenets for accurate and efficient cloud data loss prevention

Sometimes we guide our customers to make good choices, but more often they guide us. I am very pleased to share with you an example of the latter: Our Cloud DLP Reference Architecture.

This Architecture for securing sensitive data in the cloud is the brainchild of a few of our most cloud-forward customers. We adopted it, introduced it to our partners – from identity management to data classification to cloud storage and collaboration to on-premises DLP solutions – and now propose it to all of our customers whose requirements call for accurate data loss prevention in the cloud and efficient integration with and preservation of, on-premises DLP and incident management workflows.

Our customers articulated three macro-level observations:

  • Their data are moving to the cloud
  • Data are being accessed from everywhere, including remote and mobile
  • They need to marry their on-premises DLP and incident response systems with cloud-based ones

They also said that they didn’t want to backhaul all cloud traffic to their on-premises DLP and incident response systems, yet still needed to get as much value out of those systems as possible.

So we set forth in developing an architecture that allows for this. It has six key steps, which are fleshed out in this white paper, but are summarized here:

  1. Derive context from cloud service transactions and set policy based on it before moving to the next stage of data identification
  2. Use a classification framework to identify or categorize sensitive content
  3. Apply data classification to discover sensitive content in the cloud
  4. Quarantine and redirect potentially sensitive content to an on-premises DLP solution
  5. Enforce policies and initiate incident response
  6. Ensure user accountability

Netskope’s solution stands out for its cloud DLP, a capability we call “noise-cancelling cloud DLP,” and the reason more than three-quarters of our customers have deployed it. Our cloud DLP boasts some 3,000 data identifiers, 500+ file types, custom RegEx, proximity analysis, fingerprinting, Exact Match, international support, and more. But what really makes it special is that this architecture is at the epicenter of the “noise-cancelling” claim. The ability to reduce surface area, detect and classify content in the cloud, backhaul not everything but the vastly reduced subset of potential violations for further analysis, and initiate existing, proven workflows based on verification is critical to our customers.

If you’re solving the hard challenge of protecting sensitive data in the cloud, I urge you to reach out. My colleagues and I will gladly walk you through the details of this architecture and help you think through how it can be applied in your enterprise.

Do you have feedback or suggestions for how to make this framework even better? I want to hear from you!

author image
About the author
Krishna Narayanaswamy, Netskope's Founder and CTO, is a highly regarded researcher in deep packet inspection, security, and behavioral anomaly detection with over 25 years of industry experience. He leads Netskope's research efforts in data and threat protection and is a frequent presenter on security thought leadership topics in leading conferences. Previously he founded Top Layer Networks and served as a distinguished engineer at Juniper Networks where he delivered successful products to the market. He holds over 50 patents that range from security to accelerated packet processing to data classification.
Krishna Narayanaswamy, Netskope's Founder and CTO, is a highly regarded researcher in deep packet inspection, security, and behavioral anomaly detection with over 25 years of industry experience. He leads Netskope's research efforts in data and threat protection and is a frequent presenter on security thought leadership topics in leading conferences.…