Gartner Research Spotlight: How to Evaluate and Operate a Cloud Access Security Broker

Dec 18 2015
Tags
Cloud Best Practices
Cloud Security
Tools and Tips

The cloud access security broker (CASB) market is gaining a lot of momentum as more organizations look for a solution to help them with cloud service visibility, security, and compliance. Gartner estimates that by 2020, 85% of large enterprises will use a CASB solution for their cloud services, which is up from fewer than 5% in 2015. Customers today have a variety of options when it comes to choosing a CASB vendor and the selection process can be confusing given the variety of vendor capabilities. Just in time for the holidays, Gartner is helping customers maneuver the CASB landscape by authoring a research paper titled “How to Evaluate and Operate a Cloud Access Security Broker”.

I would like to use this opportunity to share some of the highlights of Gartner’s paper and provide a Netskope perspective on the “access centric” piece of the Gartner CASB framework. I will touch on the “threat centric” piece in a future blog post.

In this paper, Gartner uses their Adaptive Security Architecture to help IT security leaders develop a CASB strategy that is based on a continuous and adaptive approach to cloud security and governance. Here is a synopsis of each of Gartner’s best practices and Netskope’s commentary on each of these. You can get the full Gartner paper here.

Achieve Cloud Service Visibility and Perform a Risk and Compliance Assessment

To understand the risks associated with the use of cloud services, enterprises need visibility into what cloud services are already in use (and by which people); the sensitivity of the data being handled; which devices are used to access that data; and from where it’s accessed. In almost all cases, even when enterprises feel they have a good understanding of cloud services use, unsanctioned (also referred to as “shadow IT” or “citizen IT”) usage is taking place.

Netskope Take

Gartner presents what is often a critical starting point to assessing risk with cloud usage: the need to see what is going on in your environment. Although Gartner states that the capability of discovery itself is becoming a commodity, Netskope believes there is an opportunity to expand the scope of discovery to make sure that apps, data, users, devices, and location also cover unsanctioned cloud usage. Understanding what activities are occurring in your environment (e.g. sensitive data being uploaded to unsanctioned cloud apps) is a key component of assessing your risk. Many CASB vendors can help you assess risk at the activity level for sanctioned cloud apps, but they can only see activities for the sanctioned apps they manage. Only Netskope allows you to see risky activities across both sanctioned and unsanctioned cloud apps.

Use the CASB to Select Appropriate Cloud Services

Enterprises need to continue to understand and verify the compliance and security posture of this cloud service. Leading CASBs have genuine intellectual property with their cloud service assurance databases. A well-designed reporting tool into this database will enable organizations to specify a template of the features and options that cloud services must have before they can even be considered for use by an organization.

Netskope Take

Assessing the risk of the cloud app itself is absolutely a critical best practice. Netskope has a dedicated team that researches tens of thousands of cloud apps and assigns an enterprise-readiness score (Cloud Confidence Index) to each. This is based on objective criteria, taking into account the Cloud Security Alliance (CSA) Cloud Controls Matrix in addition to our own research. There are two key use cases that this addresses. The first is tying this to the discovery of cloud apps running in your environment and measuring the enterprise-readiness of each discovered app so you can assess risk. The other use case is vendor assurance, or vetting new cloud apps that you are looking to bring into your environment. Netskope can be your outsourced due-diligence team and you can use our service as a “consumer reports for your cloud apps”.

Plan for Adaptive Access

To manage risk, enterprises are looking to CASB providers for the ability to apply real-time context to the decision as to whether a cloud service should be accessed — for example, restricting access based on the location, time of day or whether the device is enterprise-managed.

Netskope Take

This best practice is critical. Context is key when it comes to determining whether a cloud service should be accessed. Without context, you are forced to take a sledgehammer approach to cloud usage policies and perform an allow vs. block at a coarse-grained level. Understanding who the user is, what device they are connecting from, whether it is managed or unmanaged, what activity they are performing, and what data they are working with will help you be laser-focused in putting policies in place. The net result is that you don’t have to perform wide-sweeping block policies that impact users performing real work. You can target specific cases that pose a risk and minimize the sacrificial lambs.

Treat the Encryption and Tokenization of Data with Care

Several CASB solutions support the optional encryption and/or tokenization of data (at the field- or the file-content/object level), so that enterprises can meet the legal and regulatory requirements of their industries or countries. Implemented properly, data protection using encryption/tokenization, while the enterprise maintains control of the key/tokenization dictionary, can be a powerful way to protect sensitive data in the cloud. It can also prevent the cloud service provider from seeing it, if necessary, to satisfy compliance policy requirements. However, when implemented as an in-line proxy, this may create a single point of failure for the cloud service being accessed. If the CASB solution is down, access may not be possible, or, if accessible, the data may be unintelligible. Likewise, if the CASB mapping of the cloud service functionality is incorrect, due to a cloud service update, the CASB may effectively break the cloud service. More importantly, the encryption and/or tokenization of data will often affect the end-user functionality of the SaaS application — specifically, search, indexing, sorting, numeric operations at the field level and functions such as document preview in an EFSS, if an object-level attachment is encrypted. Because of these issues, external cloud data protection should be considered only when it is demanded by regulatory requirements.

Netskope Take

Encryption is a key part of any cloud security strategy. Netskope provides strong encryption capabilities to enhance security and confidentiality of content exposed to the cloud. Files can be selectively encrypted in flight to avoid indexes for sensitive data, augmenting the confidentiality capabilities of providers that already offer encryption, or bulk processed to bring encryption to services that don’t offer it natively. Gartner’s warnings around cloud encryption are absolutely correct. It is important to understand the trade-offs that come with it and the specific use cases where it makes sense, along with the use cases where it may not be applicable.

Continuously Verify Secure and Compliant Sensitive Data Usage

Most enterprises have a blind spot when sensitive data is stored in cloud services. The CASB platform should provide for continuous sensitive data monitoring — sometimes referred to as “cloud DLP” — through APIs or via in-line inspection. Here, the CASB solution should provide an understanding and a mapping of sensitive information flows — who, what, when, where and why — even if no action is taken.

Netskope Take

Cloud DLP is a critical part of any cloud security strategy and Gartner accurately points out that context needs to be applied to DLP so you can map to a cloud security policy to handle sensitive data leakage. Netskope offers the most powerful cloud DLP out of any CASB vendor. More than 3,000 data identifiers, 500 file types, out-of-the-box compliance profiles such as PCI, PHI, and PII, and advanced features such as proximity, fingerprinting, and exact match make up a powerful DLP engine. Integration with on-premises data loss prevention software offerings, along with the ability to point our DLP engine in context at both sanctioned and unsanctioned apps, sets our “noise-cancelling” cloud DLP solution apart from the CASB pack.

Continuously Verify Secure and Compliant Usage

In addition to sensitive data monitoring, we believe that all cloud activities (actions and transactions) should be continuously monitored, logged and analyzed, and ideally, they should provide the alternative to real time, cloud service, transactional (actions within the cloud service) decision making on a per user, application, device or transaction basis. This is a more granular form of adaptive access, based on context — for example, downloading customer records from Salesforce. At a minimum, this action would be logged. If the context of the action violates policy — for example, downloading customer records onto an unmanaged device — then the action could be blocked or a warning message could be displayed to the user before allowing the process to proceed. Alternatively, a step-up authentication method, such as an out-of-band text message, could be triggered if anyone suspects the account has been compromised.

Enterprises should favor CASB vendors that provide embedded user and entity behavior analytics (UEBA) capable of baselining the actions of specific users, groups, devices, apps and roles, and using this context to detect anomalous behaviors that might indicate an insider threat, data exfiltration activity or someone using compromised credentials. For example, if a user is downloading an abnormally large amount of customer data, as compared with what is normal for him or her (or for his or her peers), an event could be generated, or the requested download could be blocked.
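
The per-transaction decision and the baseline comparison described above, sketched as an added example (not code from the Gartner paper or from Netskope). The event fields, the sample history, the 3.5 cut-off and the mapping of outcomes to allow, step-up authentication and block are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from statistics import median

THRESHOLD = 3.5  # modified z-score cut-off; a tuning assumption, not from the paper

@dataclass(frozen=True)
class Event:
    user: str
    app: str
    activity: str          # e.g. "download", "view"
    records: int           # user's running total of records touched today
    managed_device: bool

# Constructed sample data: peer group and records downloaded per day, last 7 days.
HISTORY = {
    "alice": ("sales", [40, 55, 38, 61, 47, 52, 44]),
    "bob":   ("sales", [30, 42, 35, 28, 39, 33, 41]),
    "carol": ("sales", [60, 58, 72, 65, 49, 70, 66]),
}

def modified_z(value, samples):
    """Robust z-score: distance from the median in units of MAD."""
    med = median(samples)
    mad = median(abs(s - med) for s in samples) or 1.0  # avoid divide-by-zero
    return 0.6745 * (value - med) / mad

def peer_samples(user, history):
    """Daily totals of everyone else in the user's group."""
    group = history[user][0]
    return [n for u, (g, days) in history.items()
            if g == group and u != user for n in days]

def decide(event, history=HISTORY):
    """Return (action, reasons); the caller logs every event whatever the action."""
    if event.activity != "download":
        return "allow", []
    if not event.managed_device:            # context violates policy outright
        return "block", ["download to unmanaged device"]
    if event.user not in history:           # no baseline yet: verify the user
        return "step_up", ["no baseline for user"]
    own = modified_z(event.records, history[event.user][1])
    peers = peer_samples(event.user, history)
    peer = modified_z(event.records, peers) if peers else 0.0
    reasons = []
    if own > THRESHOLD:
        reasons.append(f"above own baseline (z={own:.1f})")
    if peer > THRESHOLD:
        reasons.append(f"above peer baseline (z={peer:.1f})")
    if len(reasons) == 2:                   # abnormal for the user and the peers
        return "block", reasons
    if reasons:                             # abnormal on one axis only
        return "step_up", reasons
    return "allow", reasons

if __name__ == "__main__":
    for ev in (Event("alice", "Salesforce", "download", 45, False),
               Event("alice", "Salesforce", "download", 5000, True),
               Event("bob", "Salesforce", "download", 70, True),
               Event("carol", "Salesforce", "download", 64, True)):
        print(ev.user, ev.records, *decide(ev))
```

The median and MAD are used instead of mean and standard deviation so that a single earlier spike in a user's history does not widen the baseline and hide the next one.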

Netskope Take

There is an obvious theme that is bubbling to the top and that is the importance context plays when getting visibility into cloud usage. Context is also important when it comes to behavior analysis and determining when activities are abnormal. Netskope leverages our unique capability to see activity-level details across sanctioned and unsanctioned cloud apps and uses context and anomaly detection algorithms to determine when an activity is outside of the norm.

Investigate and Respond to Exceptions

Exceptions will be flagged in the access and use of cloud services that must be investigated. Because the core of any enterprise CASB strategy (and of the framework) is based on continuous visibility, this data must be available to a security analyst to investigate incidents that have been flagged, including in existing tools, such as security information and event management (SIEM). In some cases, no action will be needed. In other cases, adjustments to policies may be required — for example, providing a given user or group more or less access. Leading CASBs are becoming increasingly sophisticated, enabling the exception response to be automated and making the data or process owners (and not IT) the primary escalation and action point for workflow.

Netskope Take

The need for continuous visibility drives the requirement to have a system in place to manage exceptions on an ongoing basis. External SIEM tools are a key extension to CASB and Netskope specifically provides integration with a variety of third-party SIEM platforms. What is more, Netskope leverages a REST API to make available all the rich contextual data involving apps, users, devices, location, data, and activities directly to the SIEM so activities can be correlated and exceptions can be properly managed.

Manage Usage

In addition to managing exceptions, the rich amount of cloud services usage data can be analyzed and used to better manage cloud use. For example, to enable an operations or security analyst to visualize overall usage and activities, as described previously, business unit application owners should also be able to view this data and make intelligence-driven decisions as to access and licensing. Ideally, the CASB platform provides visualization capabilities to visualize and understand trending, as well as highlighting over-licensing or under-licensing situations. In addition to the native management console, the event data stream should be exportable to enterprise SIEM systems for analysis and compliance reporting. If policy changes are considered, the CASB solution should provide the ability to proactively model the impact and risk of making the change before the change is implemented.

Netskope Take

This is a great way to close on the best practices for cloud services access. A CASB is only as useful as the data you are able to get out of it. Netskope provides a risk dashboard to help customers visualize their risk based on apps discovered, use activity, compromised credentials and a number of criteria. Netskope also provides an app analytics facility where you can slice and dice data to get the answers you are looking for, along with custom reports that are generated from ad-hoc queries. This is extremely powerful, enabling you to get answers to questions like “show me download activity for users that are about to leave the company.”

Summary

The CASB market is gaining momentum and 2016 just might be the year of the CASB. If you are evaluating CASB, I highly recommend taking a look at the Gartner paper, “How to Evaluate and Operate a Cloud Access Security Broker” and obviously take a look at Netskope.

Bob Gilbert
As Vice President of Strategy and Chief Evangelist at Netskope, Bob is dedicated to helping clients transform their security and networking infrastructure to meet the demands of an ever-changing world.
