L’avenir du Zero Trust et du SASE, c’est maintenant ! Regarder à la demande

fermer
fermer
  • Pourquoi Netskope signe chevron

    Changer la façon dont le réseau et la sécurité fonctionnent ensemble.

  • Nos clients signe chevron

    Netskope sert plus de 3 000 clients dans le monde entier, dont plus de 25 entreprises du classement Fortune 100

  • Nos partenaires signe chevron

    Nous collaborons avec des leaders de la sécurité pour vous aider à sécuriser votre transition vers le cloud.

Meilleure capacité d'exécution. Le plus loin dans sa vision.

Netskope nommé leader dans le rapport Magic Quadrant™️ 2023 pour SSE de Gartner®.

Recevoir le rapport
Netskope nommé leader dans le rapport Magic Quadrant™️ 2023 pour SSE de Gartner®.
Nous parons nos clients à l'avenir, quel qu'il soit

Voir nos clients
Woman smiling with glasses looking out window
La stratégie de commercialisation de Netskope privilégie ses partenaires, ce qui leur permet de maximiser leur croissance et leur rentabilité, tout en transformant la sécurité des entreprises.

En savoir plus sur les partenaires de Netskope
Group of diverse young professionals smiling
Votre réseau de demain

Planifiez votre chemin vers un réseau plus rapide, plus sûr et plus résilient, conçu pour les applications et les utilisateurs que vous prenez en charge.

Obtenir le livre blanc
Votre réseau de demain
Présentation de la plate-forme Netskope One

Netskope One est une plate-forme cloud native qui offre des services de sécurité et de mise en réseau convergents pour faciliter votre transformation SASE et Zero Trust.

En savoir plus sur Netskope One
Abstrait avec éclairage bleu
Adopter une architecture SASE (Secure Access Service Edge)

Netskope NewEdge est le nuage privé de sécurité le plus grand et le plus performant au monde. Il offre aux clients une couverture de service, des performances et une résilience inégalées.

Découvrez NewEdge
NewEdge
Netskope Cloud Exchange

Le Netskope Cloud Exchange (CE) fournit aux clients des outils d'intégration puissants pour optimiser les investissements dans l'ensemble de leur infrastructure de sécurité.

En savoir plus sur Cloud Exchange
Vidéo Netskope
La plateforme du futur est Netskope

Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), et Private Access for ZTNA intégrés nativement dans une solution unique pour aider chaque entreprise dans son cheminement vers l'architecture Secure Access Service Edge (SASE).

Présentation des produits
Vidéo Netskope
Next Gen SASE Branch est hybride - connectée, sécurisée et automatisée

Netskope Next Gen SASE Branch fait converger Context-Aware SASE Fabric, Zero-Trust Hybrid Security et SkopeAI-Powered Cloud Orchestrator dans une offre cloud unifiée, ouvrant la voie à une expérience de succursale entièrement modernisée pour l'entreprise sans frontières.

En savoir plus Next Gen SASE Branch
Personnes au bureau de l'espace ouvert
La conception d'une architecture SASE pour les nuls

Obtenez votre exemplaire gratuit du seul guide consacré à la conception d'une architecture SASE dont vous aurez jamais besoin.

Obtenir l'EBook
Optez pour les meilleurs services de sécurité cloud du marché, avec un temps de latence minimum et une fiabilité élevée.

Découvrez NewEdge
Lighted highway through mountainside switchbacks
Permettez en toute sécurité l'utilisation d'applications d'IA générative grâce au contrôle d'accès aux applications, à l'accompagnement des utilisateurs en temps réel et à une protection des données de premier ordre.

Découvrez comment nous sécurisons l'utilisation de l'IA générative
Autorisez ChatGPT et l’IA générative en toute sécurité
Solutions Zero Trust pour les déploiements du SSE et du SASE

En savoir plus sur la confiance zéro
Boat driving through open sea
Netskope obtient l'autorisation FedRAMP High Authorization

Choisissez Netskope GovCloud pour accélérer la transformation de votre agence.

En savoir plus sur Netskope GovCloud
Netskope GovCloud
  • Ressources signe chevron

    Découvrez comment Netskope peut vous aider à sécuriser votre migration vers le Cloud.

  • Blog signe chevron

    Découvrez comment Netskope permet la transformation de la sécurité et de la mise en réseau grâce à la périphérie des services de sécurité (SSE)

  • Événements et ateliers signe chevron

    Restez à l'affût des dernières tendances en matière de sécurité et créez des liens avec vos pairs.

  • Définition de la sécurité signe chevron

    Tout ce que vous devez savoir dans notre encyclopédie de la cybersécurité.

Podcast Security Visionaries

How to Use a Magic Quadrant and Other Industry Research
Dans cet épisode, Max Havey, Steve Riley et Mona Faulkner dissèquent le processus complexe de création d’un Magic Quadrant et pourquoi c’est bien plus qu’un simple graphique.

Écouter le podcast
Comment utiliser un Magic Quadrant et d’autres podcasts de recherche sur l’industrie
Derniers blogs

Découvrez comment Netskope peut faciliter la transition vers le Zero Trust et le SASE grâce aux fonctionnalités de sécurité en périphérie des services (SSE).

Lire le blog
Sunrise and cloudy sky
SASE Week 2023 : Votre voyage SASE commence maintenant !

Retrouvez les sessions de la quatrième édition annuelle de SASE Week.

Explorer les sessions
SASE Week 2023
Qu'est-ce que le Security Service Edge ?

Découvrez le côté sécurité de SASE, l'avenir du réseau et de la protection dans le cloud.

En savoir plus sur Security Service Edge
Four-way roundabout
  • Entreprise signe chevron

    Nous vous aidons à conserver une longueur d'avance sur les défis posés par le cloud, les données et les réseaux en matière de sécurité.

  • Équipe de direction signe chevron

    Nos dirigeants sont déterminés à faciliter la réussite de nos clients.

  • Solutions pour les clients signe chevron

    Nous sommes là pour vous et avec vous à chaque étape, pour assurer votre succès avec Netskope.

  • Formation et certification signe chevron

    Avec Netskope, devenez un expert de la sécurité du cloud.

Soutenir le développement durable par la sécurité des données

Netskope est fière de participer à Vision 2045 : une initiative visant à sensibiliser au rôle de l'industrie privée dans le développement durable.

En savoir plus
Soutenir le développement durable grâce à la sécurité des données
Penseurs, concepteurs, rêveurs, innovateurs. Ensemble, nous fournissons le nec plus ultra des solutions de sécurité cloud afin d'aider nos clients à protéger leurs données et leurs collaborateurs.

Rencontrez notre équipe
Group of hikers scaling a snowy mountain
L’équipe de services professionnels talentueuse et expérimentée de Netskope propose une approche prescriptive pour une mise en œuvre réussie.

En savoir plus sur les services professionnels
Services professionnels Netskope
Sécurisez votre parcours de transformation numérique et tirez le meilleur parti de vos applications cloud, Web et privées grâce à la formation Netskope.

En savoir plus sur les formations et les certifications
Group of young professionals working

Empowering Secure Cloud Adoption: A Response to the NSA and CISA Cybersecurity Guidelines

Mar 12 2024

In the ever-evolving landscape of cybersecurity, the collaborative effort between the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) in issuing five joint Cybersecurity Information Sheets (CSIs) marks a significant milestone in guiding organizations towards secure cloud adoption. These documents serve as a testament to the critical nature of securing cloud services in an era where digital transformation is not just an option, but a necessity. As the Director of Security Transformation at Netskope, I find these guidelines not only timely but closely aligned with our mission to provide comprehensive security solutions in the cloud, data, and cyber realms. In fact, we are helping customers secure data in the cloud in even more clever ways than the baseline recommendations in these information sheets. Let me walk through how these recommendations map onto Netskope’s approach and technology.

1. Secure Cloud Identity and Access Management Practices

The first CSI emphasizes the importance of secure cloud identity and access management practices. With the rise of sophisticated attacks targeting cloud identities, the adoption of robust mechanisms like multi-factor authentication (MFA) and stringent credential storage practices is paramount. At Netskope, we resonate with this approach through our Adaptive Access Control and seamless integration with cloud identity providers. 

The key advantage of incorporating user confidence scores is the ability to continuously adapt security measures based on granular insights into the changing behaviors of user identities. When a user starts exhibiting behaviors that deviate from their usual pattern or resemble those of a threat actor—such as accessing sensitive data at unusual times or from unusual locations—Netskope’s policies can automatically adjust.

By leveraging more than 100 User and Entity Behavior Analytics (UEBA) policies, organziations can generate unique user confidence scores for each of an organization’s users, then integrate this into the Netskope real-time protection policies. Doing so allows Netskope to dynamically assess the risk associated with each user’s actions, and then deliver the right access control policy for your organization’s risk appetite.

2. Secure Cloud Key Management Practices

The second CSI focuses on the critical aspect of key management in cloud environments, underscoring the importance of understanding and documenting shared security responsibilities. Netskope gives its customers full control over encryption keys by supporting third-party hardware security modules (HSM) in these ways:

  • Storing the key that corresponds to a certificate which in turn signs generated certificates used for inspecting TLS traffic
  • Storing keys generated for encrypting structured and unstructured data

As many industries are subject to strict regulatory requirements regarding data protection and privacy, using an HSM to manage encryption keys helps organizations comply with these regulations by ensuring that the keys are securely managed and not exposed to third-party cloud providers.

The logical security measures provided by HSMs protect against a wide range of attacks, including tampering and exploitation attempts. This ensures that encryption keys remain secure, even in the event of a breach elsewhere in the IT environment.

In the current digital age, where data breaches and cybersecurity threats are increasingly common, securing sensitive data in the cloud has become paramount. Netskope’s support for hardware security modules empowers organizations to take control of their encryption key management, offering a secure, compliant, and flexible solution that aligns with the NSA and CISA’s recommendations for secure cloud key management practices. This approach not only enhances an organization’s cloud security posture but also builds trust with customers and stakeholders by demonstrating a commitment to protecting sensitive information.

3. Network Segmentation and Encryption in Cloud Environments

Implementing network segmentation and encryption in cloud environments is the focus of the third CSI. Netskope’s secure access service edge (SASE) is a comprehensive cloud security service that delivers network segmentation and encryption in all cloud and on-premise environments. With the rise of cloud services exponentially increasing the complexity of managing and securing enterprise networks, and with 74% of data theft coming from the movement of corporate data to personal instances of approved cloud applications, this complexity underscores the need for robust solutions like Netskope’s Next Gen Secure Web Gateway (NG-SWG) with instance awareness.

Instance awareness allows Netskope’s NG-SWG to distinguish between different instances of the same cloud application. For example, it can differentiate between an organization’s official instance of a cloud storage application and personal or third-party instances accessed by the user.

By leveraging instance awareness, Netskope NG-SWG can enforce policies that prevent users from accessing unauthorized, third-party, or personal instances of cloud applications. This capability is crucial for preventing data exfiltration and ensuring that sensitive corporate data remains within sanctioned environments. When a user attempts to access an unsanctioned instance, the NG-SWG can block access or redirect the user to an approved instance, significantly reducing the risk of data theft or leakage.

Netskope Borderless SD-WAN (BWAN) extends the concept of network segmentation beyond traditional network perimeters, catering to the needs of a modern workforce that operates from varying locations and uses a multitude of devices. Netskope BWAN ensures network segmentation for any device by encapsulating each session in a secure and encrypted tunnel. This segmentation extends to all applications and data, whether hosted in the cloud or on-premises, effectively isolating critical resources from unauthorized access.

4. Secure Data in the Cloud

The fourth CSI addresses the vital aspect of securing data in the cloud. Netskope’s Data Loss Prevention (DLP) capabilities are at the forefront of this challenge, offering comprehensive protection across SaaS, IaaS, private applications, and more, as well as the ability to support the huge variance in regional and sector DLP requirements.

Netskope DLP includes over 3,000 industry and region-specific data profiles so are tailored to meet the unique compliance requirements and business needs of various organizations. This vast library of data profiles enables businesses to quickly identify and protect sensitive information relevant to their specific industry or geographic location, facilitating faster return on investment and ensuring compliance with regional data protection laws and regulations. This capability aligns with the NSA and CISA’s advice on securing data from unauthorized access and adhering to legal and regulatory requirements.

Going one step further, Netskope’s DLP also leverages 27 machine learning classifiers, exact data matching, and a customizable classifier engine. This advanced technology allows for organizations to create data classifiers unique to them, allowing the precise detection and protection of sensitive data, reducing the risk of false positives and ensuring that security measures do not hinder legitimate business processes. The ability to train your own classifier further aligns Netskope DLP with each customer’s specific data protection needs.

Netskope DLP also provides extensive coverage across a variety of environments, including software-as-a-service (SaaS), the web, infrastructure-as-a-service (IaaS), private applications, and even endpoint devices like USBs, printers, and email systems. This wide-ranging coverage ensures that sensitive data is protected regardless of where it resides or how it’s being accessed. By securing data across these diverse environments, Netskope helps organizations meet the NSA and CISA’s recommendations to include the encryption of data at rest and in transit, and the implementation of strict access controls.

Netskope’s approach to user notifications offers an innovative alternative to traditional hard blocks. By notifying users when they attempt to perform a risky action, such as accessing unauthorized data or violating a DLP policy, Netskope not only prevents potential security breaches but also educates users on correct security practices. This feature allows for the integration of Netskope’s security solutions with an organization’s broader security program, delivering security awareness training and coaching directly to users. This method of proactive user engagement supports the NSA and CISA’s recommendations for enhancing the overall security culture within organizations.

5. Mitigating Risks from Managed Service Providers in Cloud Environments

The final CSI discusses the risks associated with Managed Service Providers (MSPs) in cloud environments. Mitigating risks from MSPs in cloud environments is crucial, as these entities often have high levels of access to customer networks, making them attractive targets for threat actors.

A key component of the Netskope Zero Trust Engine, Netskope’s ZTNA solution is designed to ensure that contractors and MSPs only gain access to the specific internal applications they require for their work and not the entire network. This approach significantly limits the attack surface by applying the principle of least privilege at the network level. By verifying the identity and context of each access request, ZTNA ensures that only authorized users can access designated resources, preventing lateral movement within the network that could lead to broader security incidents.

Netskope’s advanced role-based access control (RBAC) capabilities take access control a step further by providing granular permissions tailored to the specific roles and responsibilities of MSP admins. This ensures that MSP personnel can only access the areas of the customer’s cloud environment necessary for their tasks, reducing the risk of unauthorized access to sensitive areas.

Beyond controlling access, Netskope’s advanced RBAC capabilities include options for obfuscating sensitive internal information. This feature is particularly important when dealing with DLP forensics or employee information that MSPs might encounter during their operations. By obfuscating this data, Netskope ensures that MSPs can perform necessary tasks without exposing them to sensitive information, thereby protecting the privacy of the organization’s data and its employees. This level of data protection is crucial for maintaining confidentiality and compliance with data protection regulations.

Conclusion

The release of the NSA and CISA’s Cybersecurity Information Sheets is a call to action for organizations to bolster their cloud security practices. At Netskope, we are proud to offer solutions that not only align with these guidelines but also empower our customers to navigate the complexities of cloud security with confidence. As we continue to innovate and adapt in response to the ever-changing cybersecurity landscape, our commitment to securing our customers’ cloud journeys remains steadfast. Together, we can achieve a more secure digital future.

author image
Michael Ferguson
Michael Ferguson is a highly customer-focused security professional, having worked in the cybersecurity industry for more than 15 years across the Asia Pacific Region.

Stay informed!

Subscribe for the latest from the Netskope Blog