Security & Assurance

Cloud security starts with our security

Netskope

Security

Founded and built by industry veterans with decades of success in enterprise security, Netskope has taken information security and compliance very seriously since day one. As the cloud security leader serving the world’s largest and most valuable customers, we have directed significant resources to ensure that our data centers, hardware, software, and processes are secure, redundant, meet the most rigorous standards, and deliver the high performance even our most stringent customers require. Our Global Cloud Infrastructure and data center hosting providers employ state-of-the-art physical security controls and we regularly engage independent auditors to ensure the highest level of compliance with best-of-breed frameworks and standards.

Netskope has an established Information Security Committee that regularly convenes to review Netskope product engineering, security operations, and personnel processes against a comprehensive set of industry frameworks and standards. Should you have any questions or concerns, don’t hesitate to reach out to us at security@netskope.com.

Meet our Security Experts

Jason Clark

Chief Strategy Officer

Jason Clark

Chief Strategy Officer

Jason brings decades of experience building and executing successful strategic security programs to Netskope. He was previously the chief security and strategy officer for Optiv, developing a comprehensive suite of solutions to help CXO executives enhance their security strategies and accelerate alignment of those strategies with the business. Prior to Optiv, Clark held a leadership role at Websense, where he was a driving force behind the company’s transformation into a provider of critical technology for chief information security officers (CISOs). In a prior role as CISO and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing a successful security program for 140,000 employees across 1,500 locations. He was previously CISO for The New York Times, and has held security leadership and technical roles at EverBank, BB&T and the U.S. Army.

Sean Cordero

Head of Cloud Strategy

Sean Cordero

Head of Cloud Strategy

Sean brings more than 18 years of information security and IT experience to his role at Netskope. Prior to Netskope, Cordero served as Senior Executive Director, oCISO, at Optiv, where he provided executive-level advisement to the company’s Fortune 100 clients. Cordero has been a key driver in the cloud adoption space; since 2011 he has led creation of the industry standard control framework for cloud security, the Cloud Security Alliance’s (CSA) Cloud Controls Matrix (CCM). For his contributions to cloud security and adoption, the CSA awarded him the 2013 Ron Knode Service Award for North America and he was inducted in 2016 by the CSA as an Inaugural Research Fellow.

Lamont Orange

CISO

Lamont Orange

CISO

Lamont has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at Ernst & Young. Prior to joining Netskope, Orange was CISO for Vista Equity Partners/Vista Consulting Group. He was responsible for managing the cybersecurity programs and development of cybersecurity talent within the Vista portfolio, which included more than 50 companies. Prior to Vista, Lamont was Information Security Officer for Websense. In that role, he was responsible for developing, maintaining and socializing the company’s internal security program.  He was also responsible for working with current and potential customers demonstrating security of the solutions and the connection to the overall security ecosystem.

Neil Thacker

CISO, EMEA

Neil Thacker

CISO, EMEA

Neil is a veteran information security professional and a data protection and privacy expert well-versed in the European Union General Data Protection Regulation (EU GDPR). He holds more than 20 years of experience in the information security industry with 15 years experience as a leading security practitioner for organisations like Deutsche Bank, Swiss Re and Camelot Group before spending the past five years as Deputy CISO for Forcepoint. Thacker is a member of the ENISA Threat Landscape stakeholder group where he contributes to the EU agency program alongside CERTs to position the threat landscape, offer mitigation advice and threat analysis innovation. He is also co-founder and board member of the Security Advisor Alliance, a not-for-profit organisation formed to help security leaders in their role, engage and support interest in the infosec industry and offer advice and tools to move organisations towards improved risk and data-centric strategies.

Compliance

AICPA SOC 1

AICPA SOC 1

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

To request for a copy of our SOC 1 Report, please contact us.

AICPA SOC 2

AICPA SOC 2

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

To request for a copy of our SOC 2 Report, please contact us.

AICPA SOC 3

AICPA SOC 3

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

Click here to view a copy of our SOC 3 Report.

ISO 27001

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).

To request the ISO 27001 certification, please contact us.

ISO 27018

ISO 27018

The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers.

To request the ISO 27018 certification, please contact us.

CSA STAR

CSA STAR

The CSA Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency, rigorous auditing, harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.

Click here to view our CSA STAR self assessment.

Privacy Shield

Privacy Shield

For certain Services, for which we act as a data processor, Netskope has certified under the EU-U.S. Privacy Shield framework. For more details about the scope of the certification, click here.

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

TRUSTe

TRUSTe

TRUSTe has assessed Netskope for compliance with the TRUSTe Privacy Certification. For more detail about our TRUSTe certifications, please click here.