In the ever-evolving landscape of cybersecurity, the collaborative effort between the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) in issuing five joint Cybersecurity Information Sheets (CSIs) marks a significant milestone in guiding organizations towards secure cloud adoption. These documents serve as a testament to the critical nature of securing cloud services in an era where digital transformation is not just an option, but a necessity. As the Director of Security Transformation at Netskope, I find these guidelines not only timely but closely aligned with our mission to provide comprehensive security solutions in the cloud, data, and cyber realms. In fact, we are helping customers secure data in the cloud in even more clever ways than the baseline recommendations in these information sheets. Let me walk through how these recommendations map onto Netskope’s approach and technology.
1. Secure Cloud Identity and Access Management Practices
The first CSI emphasizes the importance of secure cloud identity and access management practices. With the rise of sophisticated attacks targeting cloud identities, the adoption of robust mechanisms like multi-factor authentication (MFA) and stringent credential storage practices is paramount. At Netskope, we resonate with this approach through our Adaptive Access Control and seamless integration with cloud identity providers.
The key advantage of incorporating user confidence scores is the ability to continuously adapt security measures based on granular insights into the changing behaviors of user identities. When a user starts exhibiting behaviors that deviate from their usual pattern or resemble those of a threat actor—such as accessing sensitive data at unusual times or from unusual locations—Netskope’s policies can automatically adjust.
By leveraging more than 100 User and Entity Behavior Analytics (UEBA) policies, organziations can generate unique user confidence scores for each of an organization’s users, then integrate this into the Netskope real-time protection policies. Doing so allows Netskope to dynamically assess the risk associated with each user’s actions, and then deliver the right access control policy for your organization’s risk appetite.
2. Secure Cloud Key Management Practices
The second CSI focuses on the critical aspect of key management in cloud environments, underscoring the importance of understanding and documenting shared security responsibilities. Netskope gives its customers full control over encryption keys by supporting third-party hardware security modules (HSM) in these ways:
- Storing the key that corresponds to a certificate which in turn signs generated certificates used for inspecting TLS traffic
- Storing keys generated for encrypting structured and unstructured data
As many industries are subject to strict regulatory requirements regarding data protection and privacy, using an HSM to manage encryption keys helps organizations comply with these regulations by ensuring that the keys are securely managed and not exposed to third-party cloud providers.
The logical security measures provided by HSMs protect against a wide range of attacks, including tampering and exploitation attempts. This ensures that encryption keys remain secure, even in the event of a breach elsewhere in the IT environment.
In the current digital age, where data breaches and cybersecurity threats are increasingly common, securing sensitive data in the cloud has become paramount. Netskope’s support for hardware security modules empowers organizations to take control of their encryption key management, offering a secure, compliant, and flexible solution that aligns with the NSA and CISA’s recommendations for secure cloud key management practices. This approach not only enhances an organization’s cloud security posture but also builds trust with customers and stakeholders by demonstrating a commitment to protecting sensitive information.
3. Network Segmentation and Encryption in Cloud Environments
Implementing network segmentation and encryption in cloud environments is the focus of the third CSI. Netskope’s secure access service edge (SASE) is a comprehensive cloud security service that delivers network segmentation and encryption in all cloud and on-premise environments. With the rise of cloud services exponentially increasing the complexity of managing and securing enterprise networks, and with