Netskope named a Leader in the 2022 Gartner® Magic Quadrant™ for Security Service Edge. Get the Report.

  • Platform

    Unrivaled visibility and real-time data and threat protection on the world's largest security private cloud.

  • Products

    Netskope products are built on the Netskope Security Cloud.

Netskope delivers a modern cloud security stack, with unified capabilities for data and threat protection, plus secure private access.

Explore our platform

Netskope Named a Leader in the 2022 Gartner Magic Quadrant™ for SSE Report

Get the report

Make the move to market-leading cloud security services with minimal latency and high reliability.

Learn more

Prevent threats that often evade other security solutions using a single-pass SSE framework.

Learn more

Zero trust solutions for SSE and SASE deployments

Learn more

Netskope enables a safe, cloud-smart, and fast journey to adopt cloud services, apps, and public cloud infrastructure.

Learn more
  • Customer Success

    Secure your digital transformation journey and make the most of your cloud, web, and private applications.

  • Customer Support

    Proactive support and engagement to optimize your Netskope environment and accelerate your success.

  • Training and Certification

    Netskope training will help you become a cloud security expert.

Trust Netskope to help you address evolving threats, new risks, technology shifts, organizational and network changes, and new regulatory requirements.

Learn more

We have qualified engineers worldwide, with diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ready to give you timely, high-quality technical assistance.

Learn more

Secure your digital transformation journey and make the most of your cloud, web, and private applications with Netskope training.

Learn more
  • Resources

    Learn more about how Netskope can help you secure your journey to the cloud.

  • Blog

    Learn how Netskope enables security and networking transformation through security service edge (SSE).

  • Events & Workshops

    Stay ahead of the latest security trends and connect with your peers.

  • Security Defined

    Everything you need to know in our cybersecurity encyclopedia.

Security Visionaries Podcast

Bonus Episode: The Importance of Security Service Edge (SSE)

Play the podcast

Read the latest on how Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.

Read the blog

Netskope at RSA 2022

Meet and speak with Netskope security specialists at RSA.

Learn more

What is Security Service Edge?

Explore the security side of SASE, the future of network and protection in the cloud.

Learn more
  • Company

    We help you stay ahead of cloud, data, and network security challenges.

  • Why Netskope

    Cloud transformation and work from anywhere have changed how security needs to work.

  • Leadership

    Our leadership team is fiercely committed to doing everything it takes to make our customers successful.

  • Partners

    We partner with security leaders to help you secure your journey to the cloud.

Netskope enables the future of work.

Find out more

Netskope is redefining cloud, data, and network security to help organizations apply Zero Trust principles to protect data.

Learn more

Thinkers, builders, dreamers, innovators. Together, we deliver cutting-edge cloud security solutions to help our customers protect their data and people.

Meet our team

Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.

Learn more
Blog Uncategorized Telling the difference makes a difference with cloud app instances
Aug 11 2015

Telling the difference makes a difference with cloud app instances

As part of the field team, I get to speak with customers across multiple industries, which is a great vantage point for observing common themes. A recent example is positive customer reactions over Netskope’s ability to differentiate between different instances of the same SaaS cloud app (i.e. telling the difference between whether a user logged into the “Coke” or “Pepsi” -or a personal- instance of Box). Not all cloud access brokers (CASBs) offer this ability, but judging by market response, it’s an important feature, especially as an organization decides to rollout a SaaS solution such as Box.

So why is telling the difference between instances of the same cloud app so important? I’m seeing three use cases, as explained below.

  1. Pre-production and production rollout of SaaS solutions. A large Fortune 500 insurance company I’m working with has explicitly built their deployment plan to use separate instance IDs of Office 365. The goal is to validate security policies in the pre-production instance of O365 before applying the policies into the production instance. The early validation will ensure a smooth user experience for the majority of employees who are using the production instance and mitigate any disruptions to workflows and the regular use of the app. A secondary application of instance IDs during rollout enables IT to continue using the pre-production instance while setting a message to notify the employee who might still be accessing that instance to coach, or even redirect him or her to the production instance instead.
  2. Privacy and compliance concerns, including audit requirements. This is a big one. A good example of this is with regards to European Union privacy laws. By being able to tell the difference in corporate versus personal sessions of cloud apps such as Box, IT can specify to only monitor content and data exchanged between the user and corporate instances. Conversely, IT can also monitor corporate data being passed to shadow IT/non-sanctioned apps to ensure compliance – such as preventing users from uploading corporate PII data to an unsanctioned cloud storage service or non-corporate instance of a cloud storage app. Either way, differentiating instances of cloud apps provides for a clear audit trail of cloud activity and data across corporate and personal cloud app transactions. This is especially important for highly regulated industries, as I’ve seen these requirements in both financial services and healthcare customers and prospects.
  3. Granular access controls. The importance of context shines through when managing security and DLP controls. And by context, I mean things like user, group, device, location, app or category, activity, and more so you can contextualize policy and control. Being able to distinguish between personal and corporate sessions to a cloud app provides value, but the ability to apply mitigating controls around personal sessions separately and distinctly from corporate session is powerful. I have one customer that identifies the consumer-grade instances of a sanctioned cloud app and blocks access to that while only allowing access to their corporate instance of the cloud app from company-managed mobile devices. In the same vein, organizations could set a security policy such that data uploaded into a corporate instance of a cloud storage app be automatically encrypted while data uploaded into the personal instance be left alone.

To summarize, instance differentiation can be an important part of any cloud app rollout within an organization, addressing privacy and/or compliance concerns. The key lies in managing policy control for both sides.