fechar
fechar
Sua Rede do Amanhã
Sua Rede do Amanhã
Planeje seu caminho rumo a uma rede mais rápida, segura e resiliente projetada para os aplicativos e usuários aos quais você oferece suporte.
          Experimente a Netskope
          Coloque a mão na massa com a plataforma Netskope
          Esta é a sua chance de experimentar a plataforma de nuvem única do Netskope One em primeira mão. Inscreva-se em laboratórios práticos e individualizados, junte-se a nós para demonstrações mensais de produtos ao vivo, faça um test drive gratuito do Netskope Private Access ou participe de workshops ao vivo conduzidos por instrutores.
            Líder em SSE. Agora é líder em SASE de fornecedor único.
            Líder em SSE. Agora é líder em SASE de fornecedor único.
            A Netskope estreia como líder no Quadrante Mágico™ do Gartner® para Single-Vendor SASE
              Protegendo a IA generativa para leigos
              Protegendo a IA generativa para leigos
              Saiba como sua organização pode equilibrar o potencial inovador da IA generativa com práticas robustas de segurança de dados.
                E-book moderno sobre prevenção de perda de dados (DLP) para leigos
                Prevenção Contra Perda de Dados (DLP) Moderna para Leigos
                Obtenha dicas e truques para fazer a transição para um DLP fornecido na nuvem.
                  Livro SD-WAN moderno para SASE Dummies
                  SD-WAN moderno para leigos em SASE
                  Pare de brincar com sua arquitetura de rede
                    Compreendendo onde estão os riscos
                    O Advanced Analytics transforma a maneira como as equipes de operações de segurança aplicam insights orientados por dados para implementar políticas melhores. Com o Advanced Analytics, o senhor pode identificar tendências, concentrar-se em áreas de preocupação e usar os dados para tomar medidas.
                        Os 6 casos de uso mais atraentes para substituição completa de VPN herdada
                        Os 6 casos de uso mais atraentes para substituição completa de VPN herdada
                        O Netskope One Private Access é a única solução que permite que o senhor aposente sua VPN definitivamente.
                          A Colgate-Palmolive protege sua “propriedade intelectual "” com proteção de dados inteligente e adaptável
                          A Colgate-Palmolive protege sua “propriedade intelectual "” com proteção de dados inteligente e adaptável
                            Netskope GovCloud
                            Netskope obtém alta autorização do FedRAMP
                            Escolha o Netskope GovCloud para acelerar a transformação de sua agência.
                              Vamos fazer grandes coisas juntos
                              A estratégia de comercialização da Netskope, focada em Parcerias, permite que nossos Parceiros maximizem seu crescimento e lucratividade enquanto transformam a segurança corporativa.
                                Netskope solutions
                                Netskope Cloud Exchange
                                O Netskope Cloud Exchange (CE) oferece aos clientes ferramentas de integração poderosas para alavancar os investimentos em toda a postura de segurança.
                                  Suporte Técnico Netskope
                                  Suporte Técnico Netskope
                                  Nossos engenheiros de suporte qualificados estão localizados em todo o mundo e têm diversas experiências em segurança de nuvem, rede, virtualização, fornecimento de conteúdo e desenvolvimento de software, garantindo assistência técnica de qualidade e em tempo hábil.
                                    Vídeo da Netskope
                                    Treinamento Netskope
                                    Os treinamentos da Netskope vão ajudar você a ser um especialista em segurança na nuvem. Conte conosco para ajudá-lo a proteger a sua jornada de transformação digital e aproveitar ao máximo as suas aplicações na nuvem, na web e privadas.

                                      The Elephant in the Room. Lessons (we should have already learned) from the GOP Data Leak

                                      Jun 20 2017
                                      Tags
                                      Cloud Data Breach
                                      Cloud Security
                                      Issues and Concerns
                                      Risks
                                      Tools and Tips

                                      Yesterday it was revealed that personally identifiable information (PII) for roughly 61 percent of the US population was leaked by a marketing firm contracted by the Republican National Committee. Were state-sponsored attackers involved? Is this some strange twist to the DNC hack to appear bipartisan? (insert suspenseful crescendo here!)

                                      No. This is a whole lot simpler than that. This is, in fact, as basic as it gets. As it turns out, the marketing firm created a database in Amazon where they stored a ton (roughly 25 terabytes) of super secret stuff. And, as we’ve found out, this server was exposed publicly and they forgot to protect it with a password. Ouch.

                                      As reported by Gizmodo, home addresses, birthdates, phone numbers, and a slew of information about voters’ tendencies when it comes to hot-button issues like gun ownership, stem cell research, abortion, and potentially religious affiliation and ethnicity were exposed.

                                      Something I can’t help but reflect back on is a conversation I had recently with a well-known Gartner analyst covering the CASB space who said, “before I ever start talking with folks about any security tools, CASBs included, I ask them if they’ve got the basics covered, like IAM, proper privileged account precautions, and so on. Because if they can’t look me in the eye and say they’ve got that covered, then what’s the point of going after the emerging stuff? It’s like installing sophisticated surveillance in your home before you make sure your doors have locks.”

                                      I couldn’t agree more.

                                      Of course this isn’t all as cut and dried as I’m making it out to be. Things move fast. The way people work has changed and so has the way that we find, provision, and deprovision the services our people use. I can click two buttons and instantly integrate two cloud services together, and I never lifted a pixel towards my IT department for permission. Everything is “agile” now, and an innocent “test” instance can suddenly become your “production” instance in the blink of an eye. A database in AWS, for example, can suddenly become larger than 25 terabytes and contain data from Karl Rove’s super PAC. Could have easily been Azure or GCP since the average enterprise is using 4 or more IaaS services – but who’s counting. The reality is that somewhere at the end of a very heated call from the RNC is someone who “just forgot,” or “thought it had already been done,” or “didn’t check the permissions/exposure to know the data was exposed.” And yet how many of us would swear up and down that we are absolutely certain our teams would have enough working knowledge of the tools, combined with the right checks and balances to ensure this won’t happen to us? Not many of us, I think.

                                      Of course I’m delighted to work at a place that has ways to help you avoid an embarrassing situation like this. I’m also happy that Netskope has built this in a way that scales with the business, personnel changes, growth, and new challenges. Some of that is purely our technical advantage from a cloud security point of view and you can read more about that in the “Security Evolved” section of our website. In other cases, it’s a blend of the technology and practical knowledge gained through hundreds of CASB deployments. To be more specific, our Cloud Security Triage Process provides a practical approach to governing cloud services in four steps. At a high-level, you need to be able to safely sanction and safely permit certain unsanctioned cloud services with granular controls and handle things at a category level. Imagine if there had been a policy in place that examined permissions / access control for any AWS database being created and then prevented upload of sensitive data from any database exposed to the public without a password. That’d be pretty great, right? If might even make it ok if that elephant forgets a few things every now and then – even some of the basics.

                                       

                                      author image
                                      Netskope Staff
                                      Browse recent articles by Netskope Staff. Discover the latest trends and updates within the cloud and network space.
                                      Browse recent articles by Netskope Staff. Discover the latest trends and updates within the cloud and network space.

                                      Mantenha-se informado!

                                      Assine para receber as últimas novidades do Blog da Netskope