EmpresaSeguridad y confianza

Seguridad y confianza

Founded and built by industry veterans with decades of success in enterprise security, Netskope has taken information security and compliance very seriously since day one.

Seguridad

As the cloud security leader serving the world’s largest and most valuable customers, we have directed significant resources to ensure that our data centers, hardware, software, and processes are secure, redundant, meet the most rigorous standards, and deliver the high performance even our most stringent customers require. Our Global Cloud Infrastructure and data center hosting providers employ state-of-the-art physical security controls and we regularly engage independent auditors to ensure the highest level of compliance with best-of-breed frameworks and standards.

Meet our
security experts

Netskope has an established Information Security Committee that regularly convenes to review Netskope product engineering, security operations, and personnel processes against a comprehensive set of industry frameworks and standards. Should you have any questions or concerns, don’t hesitate to reach out to us at [email protected].

Jason Clark

Chief Strategy Officer

James Christiansen

Vice President, Cloud Security Transformation

Lamont Orange

CISO

Neil Thacker

CISO, EMEA

David Fairman

CSO APAC

Nathan Smolenski

Director, Enterprise Strategy CISSP, CISM, CISA

James Robinson

Deputy CISO

Forrest McMahon

Global GRC Officer

Vladimir Klasnja

Director, Cloud Architecture Services

Damian Chung

Business Information Security Officer

Jason Clark

Chief Strategy Officer

Jason brings decades of experience building and executing successful strategic security programs to Netskope.

He was previously the chief security and strategy officer for Optiv, developing a comprehensive suite of solutions to help CXO executives enhance their security strategies and accelerate alignment of those strategies with the business. Prior to Optiv, Clark held a leadership role at Websense, where he was a driving force behind the company’s transformation into a provider of critical technology for chief information security officers (CISOs). In a prior role as CISO and vice president of infrastructure for Emerson Electric, Clark significantly decreased the company’s risk by developing and executing a successful security program for 140,000 employees across 1,500 locations. He was previously CISO for The New York Times, and has held security leadership and technical roles at EverBank, BB&T and the U.S. Army.

James Christiansen

Vice President, Cloud Security Transformation

James Christiansen is Netskope’s vice president of cloud security transformation and leader of the Chief Strategy Office. He is focused on Netskope’s global strategy to drive thought leadership in cloud security transformation.

James brings extensive expertise as a global leader in information security. Prior to joining Netskope, he was vice president CISO at Teradata where he led the global security, physical, and information security teams. Previously, James was vice president of information risk management at Optiv, chief information risk officer for Evantix, and CISO at Experian Americas, General Motors, and Visa International.

As a sought-after expert speaker on security, James has been featured at numerous prestigious events, including the Business Roundtable, Research Board, American Bar Association, American Banker, the RSA Conference, BankInfoSecurity, ISSA, ISACA, HIMSS, and MIS Training Institute. He has also been featured in The New York Times and quoted as an expert in USA Today, The Wall Street Journal, Reuters, United States Cybersecurity Magazine, Bloomberg, and Healthcare IT News.

James is a patent inventor and has received three innovation awards in cyber security, GRC, and cloud computing. He is the author of the Internet Survival Series and contributing author of CISO Essentials, as well as numerous industry papers.

He earned his master’s degree in business administration with a focus on international management and his bachelor’s degree in business management from Westminster College.

Lamont Orange

CISO

Lamont has more than 20 years of experience in the information security industry, having previously served as vice president of enterprise security for Charter Communications (now Spectrum) and as senior manager for the security and technology services practice at Ernst & Young.

Prior to joining Netskope, Orange was CISO for Vista Equity Partners/Vista Consulting Group. He was responsible for managing the cybersecurity programs and development of cybersecurity talent within the Vista portfolio, which included more than 50 companies. Prior to Vista, Lamont was Information Security Officer for Websense. In that role, he was responsible for developing, maintaining and socializing the company’s internal security program. He was also responsible for working with current and potential customers demonstrating security of the solutions and the connection to the overall security ecosystem.

Neil Thacker

CISO, EMEA

Neil is a veteran information security professional and a data protection and privacy expert well-versed in the European Union General Data Protection Regulation (EU GDPR).

He holds more than 20 years of experience in the information security industry with 15 years experience as a leading security practitioner for organisations like Deutsche Bank, Swiss Re and Camelot Group before spending the past five years as Deputy CISO for Forcepoint. Thacker is a member of the ENISA Threat Landscape stakeholder group where he contributes to the EU agency program alongside CERTs to position the threat landscape, offer mitigation advice and threat analysis innovation.

He is also co-founder and board member of the Security Advisor Alliance, a not-for-profit organisation formed to help security leaders in their role, engage and support interest in the infosec industry and offer advice and tools to move organisations towards improved risk and data-centric strategies.

David Fairman

CSO APAC

David Fairman is an experienced CSO/CISO, strategic advisory, investor and coach. He has extensive experience in the global financial services sector. At NAB, David was the Chief Security Officer (CSO) owning all aspects of Physical Security, Fraud, Investigations and Cyber Security. Prior to NAB, he was the Group Chief Information Security Officer (CISO) for the Royal Bank of Canada. David has been a senior leader at JP Morgan Chase & Co as Deputy Technology Controls Officer and Global Head of Technology Risk and Control. David has also held several senior roles at the Royal Bank of Scotland (RBS), including CISO RBS Americas and Head of Information Security EMEA.

David was raised and educated in Australia where he received his Bachelor of Information Technology in Software Engineering and Computer Science. He holds a Masters of Business Administration and a Masters of Project Management. David began his career in Information Security while serving in the Royal Australian Air Force’s Electronic Warfare and Communications group, where he gained valuable experience in the technology, policy and process aspects of security and risk management.  Subsequently, David worked in a variety of roles in technology and cyber, including in the utilities sector (gas and electricity). David holds a number of positions on boards of directors and was a founding member of the Security Advisor Alliance (www.securityadvisoralliance.org), and the Canadian Cyber Threat Exchange. During his tenure at NAB, David was the Chair for the Board of Directors for the Australian Financial Crimes Exchange. David also advises a number of VC funds and Cyber Security companies.

In 2015, David was named as one of the Top 10 CISOs to know, and is seen as a thought leader in the cyber security industry as profiled by K-Logix.

David co-authored “Cyber Risk” (2016), and co-edited “Fintech: Growth and Deregulation” (2018) published by Risk Books.

David is passionate about education. He has held Adjunct Professorships at both the University of New York and the University of Toronto and is currently working with Deakin University in Australia.

Nathan Smolenski

Director, Enterprise Strategy CISSP, CISM, CISA

Nathan is an experienced CISO & risk management and technology leader with over 19 years of experience across financial services, management consulting, insurance, and software industry verticals.

Nathan currently serves as Director, Head of Enterprise Security Strategy as a member of the global strategy team at Netskope, focused on digital transformation and the impacts on cybersecurity programs and strategies. Nathan also focuses on security research, technology evolution, leadership enrichment, and mentoring.

Nathan started his career in security and risk management as Head of Operational Risk Management at Bank Julius Baer & Co, NY. In the years that followed, Nathan served as the CISO for 21st Century Insurance, a Farmers Insurance Company. Eventually, Nathan took over as CISO of Zurich North America with cybersecurity responsibility for all of the Zurich Insurance brands across the US and Canada. Following Zurich North America, Nathan became the first CISO/CSO of the global management consulting firm Spencer Stuart, building the firm’s first enterprise security program covering 70 offices in over 30 countries. Lastly, before joining Netskope, Nathan served as the Head of Technology Security Strategy, Architecture, and Engineering for the NY Life Insurance Company.

Nathan maintains the CISSP, CISA, and CISM designations and has an educational background in business, technology, homeland security, and emergency preparedness. Nathan served as a member of Zurich’s global security leadership team that received an RSA award for ‘Excellence in the field of information security’ in 2014 and was a 2016 nominee for The City of Chicago’s CISO of the Year. Nathan also actively serves as a board member and mentor for several technology companies and as a board advisor to Ithaca College to develop their cybersecurity educational program.

James Robinson

Deputy CISO

Robinson es un profesional experimentado con casi 20 años de experiencia en ingeniería de seguridad, arquitectura y estrategia. Desarrolla y ofrece un conjunto completo de servicios y soluciones estratégicas que ayudan a los ejecutivos a cambiar sus estrategias de seguridad a través de la innovación.

Antes de trabajar en Netskope, Robinson fue vicepresidente de gestión de riesgos de terceros en Optiv, donde trabajó como colaborador principal en iniciativas estratégicas internas, incluyendo gestión de amenazas, gestión de riesgos, gestión de riesgos de terceros, gestión de vulnerabilidades y protección de programas de datos. Antes de Optiv, fue el oficial de arquitectura y estrategia de seguridad de Websense. También se ocupó anteriormente de la seguridad de productos en Emerson Network Power, una división de Emerson Electric Company, donde construyó la primera organización de seguridad de productos de la compañía, incluyendo modelos de programas y referencias, que luego fueron adoptados por la oficina del CTO de Emerson Electric.

Ha ocupado cargos de creciente responsabilidad en otras compañías de Fortune 500 como Anheuser-Busch y State Farm Insurance, donde dirigió una de las pruebas de intrusión más exitosas en la historia de la compañía.

A lo largo de su carrera, Robinson ha ayudado a las empresas a planificar, construir y ejecutar programas de seguridad, y ha desarrollado soluciones para la arquitectura de redes y la seguridad de aplicaciones, pruebas de intrusión, respuesta a incidentes, seguridad y evaluación de riesgos, investigaciones e investigaciones forenses y seguridad de productos. Estudió en la Universidad de Webster, donde cursó estudios de administración de empresas y tiene varias certificaciones técnicas.

Forrest McMahon

Global GRC Officer

Forrest has over 20 years of experience in the information security industry helping organizations develop and mature comprehensive programs and technical solutions to meet their security and compliance objectives. He has led Netskope’s Governance Risk and Compliance (GRC) programs for the past three years achieving ISO and FedRAMP certifications and assisting customers to effectively leverage Netskope for their GRC requirements. Prior to joining Netskope, Forrest led a security and compliance services delivery practice with Coalfire Systems focusing on cloud service providers.

During his career, Forrest has helped companies assess, plan, build and run security and GRC programs and has developed and implemented solutions and strategies to address compliance and risk management, network architecture, and technical solutions across all information security domains.

Vladimir Klasnja

Director, Cloud Architecture Services

Vladimir Klasnja es un líder tecnológico experimentado con una gran experiencia en empresas, seguridad y arquitectura de nube. Klasnja se dedica a incorporar su pasión por el pensamiento estratégico con la creación de soluciones holísticas para satisfacer las complejas necesidades de los negocios. Klasnja hace uso de su experiencia para ayudar a los ejecutivos de seguridad a alcanzar el éxito dentro de sus respectivas organizaciones con respecto a la arquitectura de nube y la transformación digital.

Antes de unirse a Netskope, Klasnja supervisó el Programa de Protección de Datos y Privacidad de Optiv, fue miembro del Grupo Asesor Ejecutivo y dirigió la práctica de Seguridad en la Nube de la organización.

Antes de Optiv, Klasnja estuvo ocho años en Emerson Electric, donde fue un líder clave en arquitectura empresarial, impulsando la innovación estratégica para la experiencia del usuario, la movilidad, la seguridad y la nube.

Klasnja es miembro de St. Louis 630 Cyber, en donde disfruta como mentor de startups de seguridad cibernética. También participa activamente en la Security Advisory Alliance (SAA), ayudando a impulsar a las futuras generaciones de profesionales de la seguridad cibernética.

Klasnja obtuvo su licenciatura en economía en la Universidad de Belgrado y tiene un título técnico en Automática/Robótica.

Damian Chung

Business Information Security Officer

Damian Chung is a cybersecurity leader with over ten years of security experience focused in healthcare.

As the Business Information Security Officer at Netskope, Damian is responsible for overseeing corporate security tools and processes and acts as the subject matter expert in the healthcare vertical. He also serves as an adjunct professor for the cybersecurity program at the University of Advancing Technologies in Tempe, AZ.

Prior to Netskope, Chung was the Sr. Director, Cybersecurity Engineering at Dignity Health where he implemented multiple cybersecurity controls and helped mature their security program by developing a healthcare-focused security roadmap.

Additionally, Damian has held the role of VP of IT, Cloud Security & Compliance for a healthcare technology company where he built a HIPAA compliant cloud service. Damian has an MSc from Arizona State.

Cumplimiento normativo

AICPA SOC 2

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

Para solicitar una copia de nuestro Informe SOC 2, póngase en contacto con nosotros

AICPA SOC 3

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

To request for a copy of our SOC 3 Report, please contact us.

FedRAMP

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program enables government agencies to adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.

Click here to learn more about Netskope’s Authorization.

ISO 27001

La Norma 27001 de la Organización Internacional de Normalización (ISO 27001) es una norma de seguridad de la información que garantiza que los centros de oficina, los centros de desarrollo, los centros de soporte y los centros de datos se gestionen de forma segura. Estas certificaciones tienen una duración de 3 años (auditorías de renovación) y tienen auditorías anuales de punto de contacto (auditorías de vigilancia).

Para solicitar la certificación ISO 27001, por favor contáctenos.

ISO 27018

La norma de la Organización Internacional de Normalización 27018 (ISO 27018) cubre las protecciones de privacidad para el procesamiento de información personal por parte de los proveedores de servicios cloud.

Para solicitar la certificación ISO 27018, por favor contáctenos.

CSA STAR

CSA Security, Trust and Assurance Registry (STAR) abarca los principios clave de transparencia, auditoría rigurosa, armonización de normas y monitorización continua. STAR consta de tres niveles de garantía, que actualmente cubren cuatro ofertas únicas, todas ellas basadas en una lista sucinta pero completa de objetivos de control centrados en CSA’s Cloud Controls Matrix (CCM). CCM es el único meta-framework de controles de seguridad específicos de la nube, diseñado de acuerdo con los principales estándares, mejores prácticas y regulaciones. CCM proporciona a las organizaciones la estructura, los detalles y la claridad necesarios en relación con la seguridad de la información adaptada al cloud computing.

Click here to view our CSA STAR Level II Certification.

Protección de la privacidad

For certain Services, for which we act as a data processor, Netskope has certified under the EU-U.S. Privacy Shield framework. For more details about the scope of the certification, click here.

El marco EU-U.S. Privacy Shield Framework fue diseñado por el Departamento de Comercio de EE.UU. y la Comisión Europea para proporcionar a las empresas de ambos lados del Atlántico un mecanismo para cumplir con los requisitos de protección de datos de la UE al transferir datos personales de la Unión Europea a los Estados Unidos en apoyo del comercio transatlántico.

TRUSTe has assessed Netskope for compliance with the TRUSTe Privacy Certification. For more detail about our TRUSTe certifications, please click here.

Cloud Computing Compliance Controls Catalog (C5)

Cloud Computing Compliance Controls Catalog (C5) es un esquema de certificación respaldado por el gobierno alemán introducido en Alemania por la Oficina Federal de Seguridad de la Información (BSI) para ayudar a las organizaciones a demostrar la seguridad operativa contra los ciberataques más comunes en el contexto de las "Recomendaciones de seguridad para proveedores de servicios de computación en la nube" del gobierno alemán.

Para solicitar la copia C5, por favor contacte con nosotros.

California Consumer Privacy Act

Netskope supports the customer’s compliance for Processing covered by the California Consumer Privacy Act of 2018 (the “CCPA”). To confirm applicable aspects of the CCPA in connection with Customer’s use of the Services, Netskope has provided this Compliance Statement. This notice supplements the Netskope Privacy Policy.

Data Processing Addendum

View Netskope’s Customer Data Processing Addendum (DPA)

To execute Netskope’s Customer DPA please follow the instructions on page 1 of the DPA. Please return an executed copy of the DPA to [email protected].

For any questions or queries or to request a copy of the DPA in an alternative format, please contact us at [email protected].

AICPA SOC 2

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

Para solicitar una copia de nuestro Informe SOC 2, póngase en contacto con nosotros

AICPA SOC 3

Netskope System & Organization Control (SOC) Reports are independent third-party examination reports that demonstrate how Netskope achieves key compliance controls and objectives. The purpose of these reports is to help you and your auditors understand the Netskope controls established to support operations and compliance. Learn More.

To request for a copy of our SOC 3 Report, please contact us.

FedRAMP

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. The program enables government agencies to adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT.

Click here to learn more about Netskope’s Authorization.

ISO 27001

La Norma 27001 de la Organización Internacional de Normalización (ISO 27001) es una norma de seguridad de la información que garantiza que los centros de oficina, los centros de desarrollo, los centros de soporte y los centros de datos se gestionen de forma segura. Estas certificaciones tienen una duración de 3 años (auditorías de renovación) y tienen auditorías anuales de punto de contacto (auditorías de vigilancia).

Para solicitar la certificación ISO 27001, por favor contáctenos.

ISO 27018

La norma de la Organización Internacional de Normalización 27018 (ISO 27018) cubre las protecciones de privacidad para el procesamiento de información personal por parte de los proveedores de servicios cloud.

Para solicitar la certificación ISO 27018, por favor contáctenos.

CSA STAR

CSA Security, Trust and Assurance Registry (STAR) abarca los principios clave de transparencia, auditoría rigurosa, armonización de normas y monitorización continua. STAR consta de tres niveles de garantía, que actualmente cubren cuatro ofertas únicas, todas ellas basadas en una lista sucinta pero completa de objetivos de control centrados en CSA’s Cloud Controls Matrix (CCM). CCM es el único meta-framework de controles de seguridad específicos de la nube, diseñado de acuerdo con los principales estándares, mejores prácticas y regulaciones. CCM proporciona a las organizaciones la estructura, los detalles y la claridad necesarios en relación con la seguridad de la información adaptada al cloud computing.

Click here to view our CSA STAR Level II Certification.

Protección de la privacidad

For certain Services, for which we act as a data processor, Netskope has certified under the EU-U.S. Privacy Shield framework. For more details about the scope of the certification, click here.

El marco EU-U.S. Privacy Shield Framework fue diseñado por el Departamento de Comercio de EE.UU. y la Comisión Europea para proporcionar a las empresas de ambos lados del Atlántico un mecanismo para cumplir con los requisitos de protección de datos de la UE al transferir datos personales de la Unión Europea a los Estados Unidos en apoyo del comercio transatlántico.

TRUSTe has assessed Netskope for compliance with the TRUSTe Privacy Certification. For more detail about our TRUSTe certifications, please click here.

Cloud Computing Compliance Controls Catalog (C5)

Cloud Computing Compliance Controls Catalog (C5) es un esquema de certificación respaldado por el gobierno alemán introducido en Alemania por la Oficina Federal de Seguridad de la Información (BSI) para ayudar a las organizaciones a demostrar la seguridad operativa contra los ciberataques más comunes en el contexto de las "Recomendaciones de seguridad para proveedores de servicios de computación en la nube" del gobierno alemán.

Para solicitar la copia C5, por favor contacte con nosotros.

California Consumer Privacy Act

Netskope supports the customer’s compliance for Processing covered by the California Consumer Privacy Act of 2018 (the “CCPA”). To confirm applicable aspects of the CCPA in connection with Customer’s use of the Services, Netskope has provided this Compliance Statement. This notice supplements the Netskope Privacy Policy.

Data Processing Addendum

View Netskope’s Customer Data Processing Addendum (DPA)

To execute Netskope’s Customer DPA please follow the instructions on page 1 of the DPA. Please return an executed copy of the DPA to [email protected].

For any questions or queries or to request a copy of the DPA in an alternative format, please contact us at [email protected].

Policies

At Netskope, we take our responsibility to protect our users’ information and the services we provide to them very seriously.

 

Linked below is our Privacy Policy and Vulnerability Disclosure Policy. The Privacy Statement describes how Netskope collects, uses, shares, and secures the personal information you provide. It also describes your choices regarding use, access and correction of your personal information. The Vulnerability Disclosure Policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.