Netskope named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Service Edge. Get the report

close
close
  • Why Netskope chevron

    Changing the way networking and security work together.

  • Our Customers chevron

    Netskope serves more than 3,000 customers worldwide including more than 25 of the Fortune 100

  • Our Partners chevron

    We partner with security leaders to help you secure your journey to the cloud.

Still Highest in Execution.
Still Furthest in Vision.

Learn why 2024 Gartner® Magic Quadrant™ named Netskope a Leader for Security Service Edge the third consecutive year.

Get the report
Netskope Named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Service Edge graphic for menu
We help our customers to be Ready for Anything

See our customers
Woman smiling with glasses looking out window
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn about Netskope Partners
Group of diverse young professionals smiling
Your Network of Tomorrow

Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.

Get the white paper
Your Network of Tomorrow
Introducing the Netskope One Platform

Netskope One is a cloud-native platform that offers converged security and networking services to enable your SASE and zero trust transformation.

Learn about Netskope One
Abstract with blue lighting
Embrace a Secure Access Service Edge (SASE) architecture

Netskope NewEdge is the world’s largest, highest-performing security private cloud and provides customers with unparalleled service coverage, performance and resilience.

Learn about NewEdge
NewEdge
Netskope Cloud Exchange

The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.

Learn about Cloud Exchange
Netskope video
The platform of the future is Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.

Go to Products Overview
Netskope video
Next Gen SASE Branch is hybrid — connected, secured, and automated

Netskope Next Gen SASE Branch converges Context-Aware SASE Fabric, Zero-Trust Hybrid Security, and SkopeAI-powered Cloud Orchestrator into a unified cloud offering, ushering in a fully modernized branch experience for the borderless enterprise.

Learn about Next Gen SASE Branch
People at the open space office
Designing a SASE Architecture For Dummies

Get your complimentary copy of the only guide to SASE design you’ll ever need.

Get the eBook
Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn about NewEdge
Lighted highway through mountainside switchbacks
Safely enable the use of generative AI applications with application access control, real-time user coaching, and best-in-class data protection.

Learn how we secure generative AI use
Safely Enable ChatGPT and Generative AI
Zero trust solutions for SSE and SASE deployments

Learn about Zero Trust
Boat driving through open sea
Netskope achieves FedRAMP High Authorization

Choose Netskope GovCloud to accelerate your agency’s transformation.

Learn about Netskope GovCloud
Netskope GovCloud
  • Resources chevron

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog chevron

    Learn how Netskope enables security and networking transformation through security service edge (SSE)

  • Events and Workshops chevron

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined chevron

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

On Patents, Trolls, and Innovation
In this episode host Emily Wearmouth chats with Suzanne Oliver, an intellectual property expert, and Krishna Narayanaswamy, co-founder and CTO of Netskope, about the world of patents.

Play the podcast
On Patents, Trolls, and Innovation
Latest Blogs

Read how Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog
Sunrise and cloudy sky
SASE Week 2023: Your SASE journey starts now!

Replay sessions from the fourth annual SASE Week.

Explore sessions
SASE Week 2023
What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn about Security Service Edge
Four-way roundabout
  • Company chevron

    We help you stay ahead of cloud, data, and network security challenges.

  • Leadership chevron

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Customer Solutions chevron

    We are here for you and with you every step of the way, ensuring your success with Netskope.

  • Training and Certification chevron

    Netskope training will help you become a cloud security expert.

Supporting sustainability through data security

Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.

Find out more
Supporting Sustainability Through Data Security
Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team
Group of hikers scaling a snowy mountain
Netskope’s talented and experienced Professional Services team provides a prescriptive approach to your successful implementation.

Learn about Professional Services
Netskope Professional Services
Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn about Training and Certifications
Group of young professionals working

Let’s Talk About NIS2

Mar 21 2023

Late last year, the EU Parliament formally adopted a new Directive, NIS2, updating and superseding the existing NIS Directive which helped the organisations responsible for Europe’s critical national infrastructure to better understand, manage, and reduce their cybersecurity risk.  NIS2 expanded the industries covered (broadening the concept of critical infrastructure to include telecoms, social media, and local government alongside utilities, digital infrastructure, banks, and healthcare), but it still fundamentally aims to strengthen cybersecurity requirements. It is estimated that about 160,000 organisations will be required to comply, grouped as either Essential or Important, with compliance requirements differing between categories.

So what do we need to know? Firstly, it is important to note that NIS2 is an EU Directive, not currently legislation in any member states and so while it “came into force” in January 2023, the deadline that organisations will need to watch for is 17th October 2024—because that is the deadline for national legislatures to turn the Directive into enforceable national laws. As we approach that date we will all have a clearer idea of how the relatively high level guidelines will be translated into legal requirements that we all need to follow. At this point, the Directive is high-level and still open to interpretation—deliberately so, because the more specific it is, the quicker it would become outdated.  

What is included?

NIS2 comprises a number of areas where organisations will be required to implement security measures and achieve baseline standards. These areas are:

  • Risk analysis 
  • Information system security policies
  • Incident response (prevention and detection of a response to incidents)
  • Business continuity and crisis management
  • Supply chain security
  • Assessment of effectiveness of risk management measures 
  • Encryption 
  • Vulnerability disclosure

Within these categories we see some detail about the requirement to report incidents, train management teams in cyber risk, and allow on-site inspections. There is also inclusion of non-compulsory recommendations around user training, and some less stringent allowances for  organisations in the Important group. 

Looking at this list you can see why we are already having conversations with customers and prospects about NIS2—there’s plenty in here that we can help with, even ahead of national lawmakers adding in much more specific details. 

As is the custom with EU initiatives, this one shows its teeth through administrative fines of up to €10 million or 2% of the entity’s total turnover worldwide, whichever is higher, for “Essential Entities” (and there is a slightly lower fine too—€7 million or 1.4% global turnover for “Important Entitles”). These would be additional to any fines that may be applied due to a single incident also falling foul of GDPR rules.

Points to note

While we wait for this national legislation to see how the Directive is interpreted into law within the member states, we wanted to pick out a few things that are worth noting already.

1. Collaboration is at the core of NIS2

NIS2 has a strong focus on collaboration. We see this in the establishment of one of the best acronyms we have seen for a while: the EU Cyber Crisis Liaison Organisation Network (EU-CyCLONe). This body is intended to facilitate coordinated management of EU-wide incidents. Other ways to improve collaboration can be found in the measures aimed at increasing the level of trust and information sharing between competent authorities.

2. Supply chain security is a priority

An understanding of the interdependent nature of cyber defence is also evident in the emphasis that NIS2 gives to more stringent rules on supply chain security. This is a hugely welcome focus within the directive and will require clever implementation to ensure we extract the most value from the intentions outlined. Auditing, monitoring, and acting upon supply chain risk is not straightforward and we hope to see some creativity from the industry in suggesting workable ways to collaborate on this issue. The aim must be to drive efficiency in the interests of productivity while avoiding debilitating bureaucratic processes. We need better security, not more paperwork.

3. Basic hygiene provides for robust preparation

The standards set in the Directive are nothing new for organisations—although their agreement as enforceable baseline standards is. They are things that should all be on the priority list for any organisation already. However there is definitely value in pointing out that some of the things we do today as basic hygiene can benefit from improvement. Cybersecurity and risk awareness training, for instance, is something that is an annual tick-box requirement already for many organisations (not least as a requirement for most cyber insurance policies). But we are hoping that NIS2 opens discussion as to the effectiveness of some of the ways we conventionally do things, for instance in this case we would like to see the industry place a greater emphasis on “just-in-time” training to help employees better assess risk at the point of its appearance. The ultimate goal is to change behaviour and break old habits, this is not achieved by a yearly 30 min training video.

A summary on any discussion around NIS2 at the moment can only really be “watch this space”. So much is going to be determined by the national governments of Europe (EEA) as they legislate on the matter over the coming 18 months. For information professionals (in particular governance, risk, and compliance (GRC)) now is the time to start to plan. The Directive gives a useful cheat sheet for best practices which can already be used to help prioritise initiatives that genuinely improve security posture, and rationalise those that are outdated or even hinder efforts. 

author image
Robby Coppens
Robby Coppens has spent his career building solutions with any kind of technology to enable businesses throughout Europe.

Stay informed!

Subscribe for the latest from the Netskope Blog