Security & Assurance

Founded and built by industry veterans with decades of success in enterprise security, Netskope has taken information security and compliance very seriously since day one.

Security

As the cloud security leader serving the world’s largest and most valuable customers, we have directed significant resources to ensure that our data centers, hardware, software, and processes are secure, redundant, meet the most rigorous standards, and deliver the high performance even our most stringent customers require. Our Global Cloud Infrastructure and data center hosting providers employ state-of-the-art physical security controls and we regularly engage independent auditors to ensure the highest level of compliance with best-of-breed frameworks and standards.

Industry leading expertise

A data-centric, contextualized, digital and cyber risk strategy is imperative to your success. To help ensure the strength of your security program, we offer complimentary consultations with our top strategy experts for qualifying customers.

Meet our security experts

Netskope has an established Information Security Committee that regularly convenes to review Netskope product engineering, security operations, and personnel processes against a comprehensive set of industry frameworks and standards. Should you have any questions or concerns, don’t hesitate to reach out to us at [email protected].

Jason Clark

Chief Strategy Officer

James Christiansen

VP, Cloud Security Transformation

Lamont Orange

CISO

Neil Thacker

CISO, EMEA

David Fairman

CSO, APAC

Nathan Smolenski

Director, Enterprise Strategy CISSP, CISM, CISA

James Robinson

Deputy CISO

Forrest McMahon

Global GRC Officer

Vladimir Klasnja

Director, Cloud Architecture Services

Damian Chung

Business Information Security Officer

Jason Clark

Chief Strategy Officer

Jason brings decades of experience building and executing successful strategic security programs to Netskope.

He was previously the chief security and strategy officer for Optiv, developing a comprehensive suite of solutions to help CXO executives enhance their security strategies and accelerate alignment of those strategies with the business. Prior to Optiv, Clark held a leadership role at Websense, where he was a driving force behind the company’s transformation into a provider of critical technology for chief information security officers (CISOs). In a prior role as CISO and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing a successful security program for 140,000 employees across 1,500 locations. He was previously CISO for The New York Times, and has held security leadership and technical roles at EverBank, BB&T and the U.S. Army.

James Christiansen

VP, Cloud Security Transformation

James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Chief Strategy Office. He is focused on Netskope’s global strategy to drive thought leadership in cloud security transformation.

James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.

James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

He earned his master’s degree in business administration with a focus on international management and his bachelor’s degree in business management from Westminster College.

Lamont Orange

CISO

Lamont has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at Ernst & Young.

Prior to joining Netskope, Orange was CISO for Vista Equity Partners/Vista Consulting Group. He was responsible for managing the cybersecurity programs and development of cybersecurity talent within the Vista portfolio, which included more than 50 companies. Prior to Vista, Lamont was Information Security Officer for Websense. In that role, he was responsible for developing, maintaining and socializing the company’s internal security program. He was also responsible for working with current and potential customers demonstrating security of the solutions and the connection to the overall security ecosystem.

Neil Thacker

CISO, EMEA

Neil Thacker, a cybersecurity executive and co-founder, has over 20 years’ experience in the cybersecurity and technology industry.

As Netskope Chief Information Security Officer EMEA, Neil works alongside product and engineering teams to ensure the secure delivery of Netskope technology and services. With a focus on data protection and regulatory compliance, Neil works with Netskope customers to ensure their security programmes are both optimised and can deliver on their strategic requirements in a cloud-first world.

Prior to joining Netskope, Neil served at Swiss Re, Deutsche Bank, Camelot Group and Forcepoint.

Neil is co-founder and board member of the Security Advisor Alliance (SAA), a not-for-profit organisation formed to both help security leaders in their role and to promote information security and cybersecurity careers to future generations.

Neil is an Advisory Board member for the Cloud Security Alliance (CSA) EMEA and a member of the European Union Agency for Cybersecurity (ENISA) where he contributes to the EU agency program to position the threat landscape, mitigation advice and threat analysis and innovation.

Neil is an Advisory Board member to NeuroCyber, supporting and coordinating national activity, awareness, knowledge and action on improving neurodiversity and inclusion in cybersecurity.

Neil is CISSP, CIPP/E and CEH certified and is a frequent speaker and writer on cybersecurity, data protection and privacy-related topics.

David Fairman

CSO, APAC

David Fairman is an experienced CSO/CISO, strategic advisor, investor and coach. He has extensive experience in the global financial services sector. At NAB, David was the Chief Security Officer (CSO) owning all aspects of Physical Security, Fraud, Investigations and Cyber Security. Prior to NAB, he was the Group Chief Information Security Officer (CISO) for the Royal Bank of Canada. David has been a senior leader at JP Morgan Chase & Co as Deputy Technology Controls Officer and Global Head of Technology Risk and Control. David has also held several senior roles at the Royal Bank of Scotland (RBS), including CISO RBS Americas and Head of Information Security EMEA.

David was raised and educated in Australia where he received his Bachelor of Information Technology in Software Engineering and Computer Science. He holds a Masters of Business Administration and a Masters of Project Management. David began his career in Information Security while serving in the Royal Australian Air Force’s Electronic Warfare and Communications group, where he gained valuable experience in the technology, policy and process aspects of security and risk management. Subsequently, David worked in a variety of roles in technology and cyber, including in the utilities sector (gas and electricity). David holds a number of positions on boards of directors and was a founding member of the Security Advisor Alliance (www.securityadvisoralliance.org), and the Canadian Cyber Threat Exchange. During his tenure at NAB, David was the Chair for the Board of Directors for the Australian Financial Crimes Exchange. David also advises a number of VC funds and Cyber Security companies.

In 2015, David was named as one of the Top 10 CISOs to know, and is seen as a thought leader in the cyber security industry as profiled by K-Logix.

David co-authored “Cyber Risk” (2016), and co-edited “Fintech: Growth and Deregulation” (2018) published by Risk Books.

David is passionate about education. He has held Adjunct Professorships at both the University of New York and the University of Toronto and is currently working with Deakin University in Australia.

Nathan Smolenski

Director, Enterprise Strategy CISSP, CISM, CISA

Nathan is an experienced CISO & risk management and technology leader with over 19 years of experience across financial services, management consulting, insurance, and software industry verticals.

Nathan currently serves as Director, Head of Enterprise Security Strategy as a member of the global strategy team at Netskope, focused on digital transformation and the impacts on cybersecurity programs and strategies. Nathan also focuses on security research, technology evolution, leadership enrichment, and mentoring.

Nathan started his career in security and risk management as Head of Operational Risk Management at Bank Julius Baer & Co, NY. In the years that followed, Nathan served as the CISO for 21st Century Insurance, a Farmers Insurance Company. Eventually, Nathan took over as CISO of Zurich North America with cybersecurity responsibility for all of the Zurich Insurance brands across the US and Canada. Following Zurich North America, Nathan became the first CISO/CSO of the global management consulting firm Spencer Stuart, building the firm’s first enterprise security program covering 70 offices in over 30 countries. Lastly, before joining Netskope, Nathan served as the Head of Technology Security Strategy, Architecture, and Engineering for the NY Life Insurance Company.

Nathan maintains the CISSP, CISA, and CISM designations and has an educational background in business, technology, homeland security, and emergency preparedness. Nathan served as a member of Zurich’s global security leadership team that received an RSA award for ‘Excellence in the field of information security’ in 2014 and was a 2016 nominee for The City of Chicago’s CISO of the Year. Nathan also actively serves as a board member and mentor for several technology companies and as a board advisor to Ithaca College to develop their cybersecurity educational program.

James Robinson

Deputy CISO

Robinson is a seasoned professional with nearly 20 years of experience in security engineering, architecture and strategy. He develops and delivers a comprehensive suite of strategic services and solutions that help executives change their security strategies through innovation.

Before his time at Netskope, Robinson was the VP third-party risk management at Optiv, where he worked as a core contributor around strategic internal initiatives including threat management, risk management, third-party risk management, vulnerability management and data program protection. Prior to Optiv, he was the security architecture and strategy officer for Websense. He also previously served as product security officer for Emerson Network Power, a division of Emerson Electric Company, where he built the company’s first product security organization, including program and reference models, which were later adopted by Emerson Electric’s CTO office.

He has held positions of increasing responsibilities with other Fortune 500 companies such as Anheuser-Busch and State Farm insurance where he ran one of the most successful penetration testing engagements in the company’s history.

Throughout his career, Robinson has helped companies plan, build and run security programs, and he has developed solutions for network architecture and application security, penetration testing, incident response, security and risk assessment, forensics and investigations and product security. He attended Webster University where he studied business and management and holds a number of technical certifications.

Forrest McMahon

Global GRC Officer

Forrest has over 20 years of experience in the information security industry helping organizations develop and mature comprehensive programs and technical solutions to meet their security and compliance objectives. He has led Netskope’s Governance Risk and Compliance (GRC) programs for the past three years achieving ISO and FedRAMP certifications and assisting customers to effectively leverage Netskope for their GRC requirements. Prior to joining Netskope, Forrest led a security and compliance services delivery practice with Coalfire Systems focusing on cloud service providers.

During his career, Forrest has helped companies assess, plan, build and run security and GRC programs and has developed and implemented solutions and strategies to address compliance and risk management, network architecture, and technical solutions across all information security domains.

Vladimir Klasnja

Director, Cloud Architecture Services

Vladimir Klasnja is a seasoned technical leader with significant experience in enterprise, security and cloud architecture. Klasnja focuses on incorporating his passion for strategic thinking with creating holistic solutions to satisfy complex business requirements. Klasnja leverages his experience to help security executives achieve success within their respective organizations with respect to cloud architecture and digital transformation.

Prior to joining Netskope, Klasnja oversaw Optiv’s Data Protection and Privacy Program, was a member of the Executive Advisory Group, and led the organization’s Cloud Security practice.

Before Optiv, Klasnja spent eight years at Emerson Electric, where he was a key leader in enterprise architecture, driving strategic innovation for user experience, mobility, security and cloud.

Klasnja is a member of St. Louis 630 Cyber, where he enjoys mentoring cyber security startups. He is also active with the Security Advisor Alliance (SAA), helping to drive future generations of cyber security professionals.

Klasnja earned his BA in economics from the University of Belgrade and holds a technical degree in Automatics/Robotics.

Damian Chung

Business Information Security Officer

Damian Chung is a cybersecurity leader with over ten years of security experience focused in healthcare.

As the Business Information Security Officer at Netskope, Damian is responsible for overseeing corporate security tools and processes and acts as the subject matter expert in the healthcare vertical. He also serves as an adjunct professor for the cybersecurity program at the University of Advancing Technologies in Tempe, AZ.

Prior to Netskope, Chung was the Sr. Director, Cybersecurity Engineering at Dignity Health where he implemented multiple cybersecurity controls and helped mature their security program by developing a healthcare-focused security roadmap.

Additionally, Damian has held the role of VP of IT, Cloud Security & Compliance for a healthcare technology company where he built a HIPAA compliant cloud service. Damian has an MSc from Arizona State.

Compliance

AICPA SOC 2

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

To request a copy of our SOC 2 Report, please contact us.

AICPA SOC 3

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

To request a copy of our SOC 3 Report, please contact us.

FedRAMP

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program enables government agencies to adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.

Click here to learn more about Netskope’s Authorization.

ISO 27001

The International Organization for Standardization 27001 Standard (ISO 27001) is an information security standard that ensures office sites, development centers, support centers and data centers are securely managed. These certifications run for 3 years (renewal audits) and have annual touch point audits (surveillance audits).

To request the ISO 27001 certification, please contact us.

ISO 27018

The International Organization for Standardization 27018 Standard (ISO 27018) covers privacy protections for the processing of personal information by cloud service providers.

To request the ISO 27018 certification, please contact us.

CSA STAR

The CSA Security, Trust and Assurance Registry (STAR) encompasses the key principles of transparency, rigorous auditing, harmonization of standards, with continuous monitoring. STAR consists of three levels of assurance, which currently cover four unique offerings all based upon a succinct yet comprehensive list of cloud-centric control objectives in the CSA’s Cloud Controls Matrix (CCM). CCM is the only meta-framework of cloud-specific security controls, mapped to leading standards, best practices and regulations. CCM provides organizations with the needed structure, detail and clarity relating to information security tailored to cloud computing.

Click here to view our CSA STAR Level II Certification.

Privacy Shield

For certain Services, for which we act as a data processor, Netskope has certified under the EU-U.S. Privacy Shield framework. For more details about the scope of the certification, click here.

The EU-U.S. Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce.

TRUSTe has assessed Netskope for compliance with the TRUSTe Privacy Certification. For more detail about our TRUSTe certifications, please click here.

Cloud Computing Compliance Controls Catalog (C5)

Cloud Computing Compliance Controls Catalog (C5) is a German Government-backed attestation scheme introduced in Germany by the Federal Office for Information Security (BSI) to help organizations demonstrate operational security against common cyber-attacks within the context of the German Government’s “Security Recommendations for Cloud Providers”.

To request the C5 copy, please contact us.

California Consumer Privacy Act

Netskope supports the customer’s compliance for Processing covered by the California Consumer Privacy Act of 2018 (the “CCPA”). To confirm applicable aspects of the CCPA in connection with Customer’s use of the Services, Netskope has provided this Compliance Statement. This notice supplements the Netskope Privacy Policy.

Data Processing Addendum

View Netskope’s Customer Data Processing Addendum (DPA)

To execute Netskope’s Customer DPA please follow the instructions on page 1 of the DPA. Please return an executed copy of the DPA to [email protected].

For any questions or queries or to request a copy of the DPA in an alternative format, please contact us at [email protected].

Policies

At Netskope, we take our responsibility to protect our users’ information and the services we provide to them very seriously.

Linked below are our Privacy Policy and Vulnerability Disclosure Policy. The Privacy Statement describes how Netskope collects, uses, shares, and secures the personal information you provide. It also describes your choices regarding use, access and correction of your personal information. The Vulnerability Disclosure Policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.