Netskope named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge. Get the Report.

  • Platform

    Unrivaled visibility and real-time data and threat protection on the world's largest security private cloud.

  • Products

    Netskope products are built on the Netskope Security Cloud.

Netskope delivers a modern cloud security stack, with unified capabilities for data and threat protection, plus secure private access.

Explore our platform
Birds eye view metropolitan city

Netskope Named a Leader in the 2022 Gartner Magic Quadrant™ for SSE Report

Get the report Go to Products Overview
Netskope gartner mq 2022 sse leader

Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn more
Lighted highway through mountainside switchbacks

Prevent threats that often evade other security solutions using a single-pass SSE framework.

Learn more
Lighting storm over metropolitan area

Zero trust solutions for SSE and SASE deployments

Learn more
Boat driving through open sea

Netskope enables a safe, cloud-smart, and fast journey to adopt cloud services, apps, and public cloud infrastructure.

Learn more
Wind turbines along cliffside
  • Customer Success

    Secure your digital transformation journey and make the most of your cloud, web, and private applications.

  • Customer Support

    Proactive support and engagement to optimize your Netskope environment and accelerate your success.

  • Training and Certification

    Netskope training will help you become a cloud security expert.

Trust Netskope to help you address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Learn more
Woman smiling with glasses looking out window

We have qualified engineers worldwide, with diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ready to give you timely, high-quality technical assistance.

Learn more
Bearded man wearing headset working on computer

Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn more
Group of young professionals working
  • Resources

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog

    Learn how Netskope enables security and networking transformation through security service edge (SSE).

  • Events & Workshops

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Bonus Episode: The Importance of Security Service Edge (SSE)

Play the podcast
Black man sitting in conference meeting

Read the latest on how Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog
Sunrise and cloudy sky

Netskope CSO speaking events

Meet the Netskope CSO team at one of our upcoming events.

Find an event
Netskope CSO Team

What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn more
Four-way roundabout
  • Company

    We help you stay ahead of cloud, data, and network security challenges.

  • Why Netskope

    Cloud transformation and work from anywhere have changed how security needs to work.

  • Leadership

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Partners

    We partner with security leaders to help you secure your journey to the cloud.

Netskope enables the future of work.

Find out more
Curvy road through wooded area

Netskope is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Learn more
Switchback road atop a cliffside

Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team
Group of hikers scaling a snowy mountain

Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn more
Group of diverse young professionals smiling
Blog Threat Labs Cloud Threats Memo: How Contact Tracing and Personal Cloud Apps Led to a Huge PII Exposure
May 21 2021

Cloud Threats Memo: How Contact Tracing and Personal Cloud Apps Led to a Huge PII Exposure

COVID-19 contact tracing and personal cloud apps, what could possibly go wrong? A recent federal lawsuit, filed against the state of Pennsylvania and a vendor contracted by the state’s Department of Health, provides an interesting answer. The vendor in question was contracted “to provide contact tracing and other similar services” following the outbreak of COVID-19 in March 2020. Despite the good intentions, it ended up that the names, phone numbers, and medical information belonging to 72,000 individuals were exposed as a “direct result of the failure to implement adequate and reasonable cybersecurity procedures and protocols.” 

No, a sophisticated hack, possibly by an overseas state-sponsored actor, is not implied in this case. The reality is much simpler, and potentially even more dangerous. This exposure is yet another consequence of the common habit of using personal apps to handle sensitive data without considering the security implications (“I have always done it this way” is a common justification.) A statement issued by the affected vendor provides more details, and it turned out that “certain employees set up and used several Google accounts for sharing information. Documents related to contact tracing collection were included among the information that may have been vulnerable to access.”

As we’ve already mentioned, old habits die hard: the simplicity of using a personal account to bring the work home or share the information with collaborators and/or partners in the quickest and easiest possible manners (read: using personal cloud accounts) is too tempting, and even if it’s not driven by malicious intentions, exposes the data to loss and theft, posing a serious risk for the affected individuals, should their sensitive information fall in the wrong hands.

How Netskope mitigates this threat

User education is important, but similar incidents prove that it isn’t enough. In this specific case, the ability for Netskope to provide granular control for thousands of cloud applications (including personal emails and cloud storage services) can mitigate the risk of exposure for corporate data, such as the upload of sensitive information to non-corporate services or personal instances of corporate services.

For example, the Netskope Next Gen SWG has dedicated categories for “Cloud Storage” and “Webmail” where the CloudXD engine can recognize and govern dozens of activities. It is possible to enforce a restrictive policy such as the block of “upload,” “download,” or “edit” on personal services (such as Google, Microsoft, Box, or Dropbox) or even to use the DLP engine to prevent just the upload of sensitive data (using also the ML detectors to classify specific documents and simplify the operational tasks). Similar policies can also be applied to other categories and can be equally enforced to prevent the ingress of dangerous content (such as malware) from personal accounts into the organization.

Stay safe!

author image
About the author
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of data and trends of the threat landscape for the Infosec community.
Paolo supports Netskope’s customers in protecting their journey to the cloud and is a security professional, with 20+ years experience in the infosec industry. He is the mastermind behind hackmageddon.com, a blog detailing timelines and statistics of all the main cyber-attacks occurred since 2011. It is the primary source of…