¡El futuro de Confianza Cero y SASE es ahora! Ver a la carta

cerrar
cerrar
  • Por qué Netskope chevron

    Cambiar la forma en que las redes y la seguridad trabajan juntas.

  • Nuestros clientes chevron

    Netskope atiende a más de 3.000 clientes en todo el mundo, entre ellos más de 25 de las 100 empresas de Fortune

  • Nuestros Partners chevron

    Nos asociamos con líderes en seguridad para ayudarlo a asegurar su viaje a la nube.

La más Alta en Ejecución. Más Avanzada en Visión.

Netskope ha sido reconocido como Líder en el Gartner® Magic Quadrant™ de 2023 en SSE.

Obtenga el informe
Netskope ha sido reconocido como Líder en el Gartner® Magic Quadrant™ de 2023 en SSE.
Ayudamos a nuestros clientes a estar preparados para cualquier situación

Ver nuestros clientes
Woman smiling with glasses looking out window
La estrategia de venta centrada en el partner de Netskope permite a nuestros canales maximizar su expansión y rentabilidad y, al mismo tiempo, transformar la seguridad de su empresa.

Más información sobre los socios de Netskope
Group of diverse young professionals smiling
Tu red del mañana

Planifique su camino hacia una red más rápida, más segura y más resistente diseñada para las aplicaciones y los usuarios a los que da soporte.

Obtenga el whitepaper
Tu red del mañana
Presentamos la Netskope One Plataforma

Netskope One es una Plataforma nativa en la nube que ofrece servicios convergentes de seguridad y redes para hacer posible su transformación SASE y de confianza cero.

Learn about Netskope One
Abstracto con iluminación azul
Adopte una arquitectura de borde de servicio de acceso seguro (SASE)

Netskope NewEdge es la nube privada de seguridad más grande y de mayor rendimiento del mundo y ofrece a los clientes una cobertura de servicio, un rendimiento y una resiliencia incomparables.

Más información sobre NewEdge
NewEdge
Netskope Cloud Exchange

Cloud Exchange (CE) de Netskope ofrece a sus clientes herramientas de integración eficaces para que saquen partido a su inversión en estrategias de seguridad.

Más información sobre Cloud Exchange
Vídeo de Netskope
  • Servicio de seguridad Productos Edge chevron

    Protéjase contra las amenazas avanzadas y en la nube y salvaguarde los datos en todos los vectores.

  • Borderless SD-WAN chevron

    Proporcione con confianza un acceso seguro y de alto rendimiento a cada usuario remoto, dispositivo, sitio y nube.

  • Secure Access Service Edge chevron

    Netskope One SASE proporciona una solución SASE nativa en la nube, totalmente convergente y de un único proveedor.

La plataforma del futuro es Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG) y Private Access for ZTNA integrados de forma nativa en una única solución para ayudar a todas las empresas en su camino hacia el Servicio de acceso seguro Arquitectura perimetral (SASE).

Todos los productos
Vídeo de Netskope
Next Gen SASE Branch es híbrida: conectada, segura y automatizada

Netskope Next Gen SASE Branch converge Context-Aware SASE Fabric, Zero-Trust Hybrid Security y SkopeAI-Powered Cloud Orchestrator en una oferta de nube unificada, marcando el comienzo de una experiencia de sucursal completamente modernizada para la empresa sin fronteras.

Obtenga más información sobre Next Gen SASE Branch
Personas en la oficina de espacios abiertos.
Diseño de una arquitectura SASE para Dummies

Obtenga un ejemplar gratuito del único manual que necesitará sobre diseño de una arquitectura SASE.

Obtenga el eBook
Cambie a los servicios de seguridad en la nube líderes del mercado con una latencia mínima y una alta fiabilidad.

Más información sobre NewEdge
Lighted highway through mountainside switchbacks
Habilite de forma segura el uso de aplicaciones de IA generativa con control de acceso a aplicaciones, capacitación de usuarios en tiempo real y la mejor protección de datos de su clase.

Descubra cómo aseguramos el uso generativo de IA
Habilite de forma segura ChatGPT y IA generativa
Soluciones de confianza cero para implementaciones de SSE y SASE

Más información sobre Confianza Cero
Boat driving through open sea
Netskope logra la alta autorización FedRAMP

Elija Netskope GovCloud para acelerar la transformación de su agencia.

Más información sobre Netskope GovCloud
Netskope GovCloud
  • Recursos chevron

    Obtenga más información sobre cómo Netskope puede ayudarle a proteger su viaje hacia la nube.

  • Blog chevron

    Descubra cómo Netskope permite la transformación de la seguridad y las redes a través del borde de servicio de seguridad (SSE)

  • Eventos y Talleres chevron

    Manténgase a la vanguardia de las últimas tendencias de seguridad y conéctese con sus pares.

  • Seguridad definida chevron

    Todo lo que necesitas saber en nuestra enciclopedia de ciberseguridad.

Podcast Security Visionaries

How to Use a Magic Quadrant and Other Industry Research
En este episodio, Max Havey, Steve Riley y Mona Faulkner diseccionan el intrincado proceso de creación de un Cuadrante Mágico y por qué es mucho más que un gráfico.

Reproducir el pódcast
Cómo utilizar un podcast de Cuadrante Mágico y otras investigaciones sectoriales
Últimos blogs

Lea cómo Netskope puede hacer posible el viaje hacia la Confianza Cero y SASE a través de las capacidades del borde de servicio de seguridad (SSE).

Lea el blog
Sunrise and cloudy sky
SASE Week 2023: ¡Su viaje SASE comienza ahora!

Sesiones de repetición de la cuarta SASE Week.

Explorar sesiones
SASE Week 2023
¿Qué es Security Service Edge (SSE)?

Explore el lado de la seguridad de SASE, el futuro de la red y la protección en la nube.

Más información sobre el servicio de seguridad perimetral
Four-way roundabout
  • Empresa chevron

    Le ayudamos a mantenerse a la vanguardia de los desafíos de seguridad de la nube, los datos y la red.

  • Liderazgo chevron

    Nuestro equipo de liderazgo está firmemente comprometido a hacer todo lo necesario para que nuestros clientes tengan éxito.

  • Soluciones para clientes chevron

    Le apoyamos en cada paso del camino, garantizando su éxito con Netskope.

  • Formación y certificación chevron

    La formación de Netskope le ayudará a convertirse en un experto en seguridad en la nube.

Apoyar la sostenibilidad a través de la seguridad de los datos

Netskope se enorgullece de participar en Vision 2045: una iniciativa destinada a crear conciencia sobre el papel de la industria privada en la sostenibilidad.

Descubra más
Apoyando la sustentabilidad a través de la seguridad de los datos
Pensadores, constructores, soñadores, innovadores. Juntos, ofrecemos soluciones de seguridad en la nube de vanguardia para ayudar a nuestros clientes a proteger sus datos y usuarios.

Conozca a nuestro equipo
Group of hikers scaling a snowy mountain
El talentoso y experimentado equipo de servicios profesionales de Netskope proporciona un enfoque prescriptivo para su exitosa implementación.

Más información sobre servicios profesionales
Servicios profesionales de Netskope
Asegure su viaje de transformación digital y aproveche al máximo sus aplicaciones en la nube, web y privadas con la capacitación de Netskope.

Infórmese sobre Capacitaciones y Certificaciones
Group of young professionals working

Empowering Secure Cloud Adoption: A Response to the NSA and CISA Cybersecurity Guidelines

Mar 12 2024

In the ever-evolving landscape of cybersecurity, the collaborative effort between the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) in issuing five joint Cybersecurity Information Sheets (CSIs) marks a significant milestone in guiding organizations towards secure cloud adoption. These documents serve as a testament to the critical nature of securing cloud services in an era where digital transformation is not just an option, but a necessity. As the Director of Security Transformation at Netskope, I find these guidelines not only timely but closely aligned with our mission to provide comprehensive security solutions in the cloud, data, and cyber realms. In fact, we are helping customers secure data in the cloud in even more clever ways than the baseline recommendations in these information sheets. Let me walk through how these recommendations map onto Netskope’s approach and technology.

1. Secure Cloud Identity and Access Management Practices

The first CSI emphasizes the importance of secure cloud identity and access management practices. With the rise of sophisticated attacks targeting cloud identities, the adoption of robust mechanisms like multi-factor authentication (MFA) and stringent credential storage practices is paramount. At Netskope, we resonate with this approach through our Adaptive Access Control and seamless integration with cloud identity providers. 

The key advantage of incorporating user confidence scores is the ability to continuously adapt security measures based on granular insights into the changing behaviors of user identities. When a user starts exhibiting behaviors that deviate from their usual pattern or resemble those of a threat actor—such as accessing sensitive data at unusual times or from unusual locations—Netskope’s policies can automatically adjust.

By leveraging more than 100 User and Entity Behavior Analytics (UEBA) policies, organziations can generate unique user confidence scores for each of an organization’s users, then integrate this into the Netskope real-time protection policies. Doing so allows Netskope to dynamically assess the risk associated with each user’s actions, and then deliver the right access control policy for your organization’s risk appetite.

2. Secure Cloud Key Management Practices

The second CSI focuses on the critical aspect of key management in cloud environments, underscoring the importance of understanding and documenting shared security responsibilities. Netskope gives its customers full control over encryption keys by supporting third-party hardware security modules (HSM) in these ways:

  • Storing the key that corresponds to a certificate which in turn signs generated certificates used for inspecting TLS traffic
  • Storing keys generated for encrypting structured and unstructured data

As many industries are subject to strict regulatory requirements regarding data protection and privacy, using an HSM to manage encryption keys helps organizations comply with these regulations by ensuring that the keys are securely managed and not exposed to third-party cloud providers.

The logical security measures provided by HSMs protect against a wide range of attacks, including tampering and exploitation attempts. This ensures that encryption keys remain secure, even in the event of a breach elsewhere in the IT environment.

In the current digital age, where data breaches and cybersecurity threats are increasingly common, securing sensitive data in the cloud has become paramount. Netskope’s support for hardware security modules empowers organizations to take control of their encryption key management, offering a secure, compliant, and flexible solution that aligns with the NSA and CISA’s recommendations for secure cloud key management practices. This approach not only enhances an organization’s cloud security posture but also builds trust with customers and stakeholders by demonstrating a commitment to protecting sensitive information.

3. Network Segmentation and Encryption in Cloud Environments

Implementing network segmentation and encryption in cloud environments is the focus of the third CSI. Netskope’s secure access service edge (SASE) is a comprehensive cloud security service that delivers network segmentation and encryption in all cloud and on-premise environments. With the rise of cloud services exponentially increasing the complexity of managing and securing enterprise networks, and with 74% of data theft coming from the movement of corporate data to personal instances of approved cloud applications, this complexity underscores the need for robust solutions like Netskope’s Next Gen Secure Web Gateway (NG-SWG) with instance awareness.

Instance awareness allows Netskope’s NG-SWG to distinguish between different instances of the same cloud application. For example, it can differentiate between an organization’s official instance of a cloud storage application and personal or third-party instances accessed by the user.

By leveraging instance awareness, Netskope NG-SWG can enforce policies that prevent users from accessing unauthorized, third-party, or personal instances of cloud applications. This capability is crucial for preventing data exfiltration and ensuring that sensitive corporate data remains within sanctioned environments. When a user attempts to access an unsanctioned instance, the NG-SWG can block access or redirect the user to an approved instance, significantly reducing the risk of data theft or leakage.

Netskope Borderless SD-WAN (BWAN) extends the concept of network segmentation beyond traditional network perimeters, catering to the needs of a modern workforce that operates from varying locations and uses a multitude of devices. Netskope BWAN ensures network segmentation for any device by encapsulating each session in a secure and encrypted tunnel. This segmentation extends to all applications and data, whether hosted in the cloud or on-premises, effectively isolating critical resources from unauthorized access.

4. Secure Data in the Cloud

The fourth CSI addresses the vital aspect of securing data in the cloud. Netskope’s Data Loss Prevention (DLP) capabilities are at the forefront of this challenge, offering comprehensive protection across SaaS, IaaS, private applications, and more, as well as the ability to support the huge variance in regional and sector DLP requirements.

Netskope DLP includes over 3,000 industry and region-specific data profiles so are tailored to meet the unique compliance requirements and business needs of various organizations. This vast library of data profiles enables businesses to quickly identify and protect sensitive information relevant to their specific industry or geographic location, facilitating faster return on investment and ensuring compliance with regional data protection laws and regulations. This capability aligns with the NSA and CISA’s advice on securing data from unauthorized access and adhering to legal and regulatory requirements.

Going one step further, Netskope’s DLP also leverages 27 machine learning classifiers, exact data matching, and a customizable classifier engine. This advanced technology allows for organizations to create data classifiers unique to them, allowing the precise detection and protection of sensitive data, reducing the risk of false positives and ensuring that security measures do not hinder legitimate business processes. The ability to train your own classifier further aligns Netskope DLP with each customer’s specific data protection needs.

Netskope DLP also provides extensive coverage across a variety of environments, including software-as-a-service (SaaS), the web, infrastructure-as-a-service (IaaS), private applications, and even endpoint devices like USBs, printers, and email systems. This wide-ranging coverage ensures that sensitive data is protected regardless of where it resides or how it’s being accessed. By securing data across these diverse environments, Netskope helps organizations meet the NSA and CISA’s recommendations to include the encryption of data at rest and in transit, and the implementation of strict access controls.

Netskope’s approach to user notifications offers an innovative alternative to traditional hard blocks. By notifying users when they attempt to perform a risky action, such as accessing unauthorized data or violating a DLP policy, Netskope not only prevents potential security breaches but also educates users on correct security practices. This feature allows for the integration of Netskope’s security solutions with an organization’s broader security program, delivering security awareness training and coaching directly to users. This method of proactive user engagement supports the NSA and CISA’s recommendations for enhancing the overall security culture within organizations.

5. Mitigating Risks from Managed Service Providers in Cloud Environments

The final CSI discusses the risks associated with Managed Service Providers (MSPs) in cloud environments. Mitigating risks from MSPs in cloud environments is crucial, as these entities often have high levels of access to customer networks, making them attractive targets for threat actors.

A key component of the Netskope Zero Trust Engine, Netskope’s ZTNA solution is designed to ensure that contractors and MSPs only gain access to the specific internal applications they require for their work and not the entire network. This approach significantly limits the attack surface by applying the principle of least privilege at the network level. By verifying the identity and context of each access request, ZTNA ensures that only authorized users can access designated resources, preventing lateral movement within the network that could lead to broader security incidents.

Netskope’s advanced role-based access control (RBAC) capabilities take access control a step further by providing granular permissions tailored to the specific roles and responsibilities of MSP admins. This ensures that MSP personnel can only access the areas of the customer’s cloud environment necessary for their tasks, reducing the risk of unauthorized access to sensitive areas.

Beyond controlling access, Netskope’s advanced RBAC capabilities include options for obfuscating sensitive internal information. This feature is particularly important when dealing with DLP forensics or employee information that MSPs might encounter during their operations. By obfuscating this data, Netskope ensures that MSPs can perform necessary tasks without exposing them to sensitive information, thereby protecting the privacy of the organization’s data and its employees. This level of data protection is crucial for maintaining confidentiality and compliance with data protection regulations.

Conclusión

The release of the NSA and CISA’s Cybersecurity Information Sheets is a call to action for organizations to bolster their cloud security practices. At Netskope, we are proud to offer solutions that not only align with these guidelines but also empower our customers to navigate the complexities of cloud security with confidence. As we continue to innovate and adapt in response to the ever-changing cybersecurity landscape, our commitment to securing our customers’ cloud journeys remains steadfast. Together, we can achieve a more secure digital future.

author image
Michael Ferguson
Michael Ferguson es un profesional de la seguridad muy centrado en el cliente, que ha trabajado en el sector de la ciberseguridad durante más de 15 años en toda la región de Asia-Pacífico.

Stay informed!

Subscribe for the latest from the Netskope Blog