Cloud Security Use Case #2: Granular Control of Unmanaged Cloud Apps

Netskope

I recently blogged about the first of the six most common cloud security use cases that customers are covering with Netskope. I would like to continue the discussion and talk about use case #2, which is granular control of unmanaged cloud apps.

While the first use case focused on seeing and controlling the exposure of sensitive data in cloud apps like Office 365, Box, and Google G Suite that are managed by IT, this next use case is centered around how to safely enable thousands of cloud apps being adopted by lines of business and users, outside of IT. This use case is a good example of why the old, “block first” mentality of security is difficult to apply in today’s world where lines of business and users rely on cloud apps to help them move fast. This presents security with a very difficult decision- manage risk by enforcing heavy-handed controls and blocking cloud or simply allow the use of cloud and live with the consequences.  

Fortunately, there is a better way and that is to provide granular control for the potentially thousands of cloud apps not managed by IT. Look for and block risky activities such as sensitive data being exfiltrated to the personal instances of corporate cloud apps. Block risky activities instead of blocking the app outright.


This particular use case has some hefty functional requirements and also requires the cloud security product to be deployed inline. Here is a rundown of the functional requirements and deployment requirements needed to effectively cover this use case.

Functional Requirements:

  • Steer all cloud traffic (thousands of cloud services) and decode in real-time dozens of activities such as login, logout, upload, download, share, post, view, edit, etc.
  • Differentiate between corporate-managed instances of apps and personal instances and reflect the difference in policy
  • Support the selection of app categories as part of policies
  • Provide “allow” actions as part of a layered policy

Deployment Requirements:

  • Support for various forward proxy deployment modes for steering thousands of unmanaged apps for real-time visibility and control

To learn more about this use case, check out our use-case driven cloud security evaluator guide. You can watch a demo video and download an evaluator guide to help you test a cloud security vendor’s ability to effectively cover this use case or any of the common cloud security use cases.