As you read in Sanjay’s blog post, we are excited to announce that we closed a $100 million series E funding round. This is awesome news for the team here at Netskope, because this new funding is the critical fuel that we will use to continue building the Netskope cloud security platform. We believe that a new approach is needed to solve the challenges that enterprise are facing with the rapid adoption of the cloud. One such challenge is the security risk posed by the increasingly blurred lines between cloud and web.
Netskope was founded with the belief that the far-reaching impact of the cloud would require a fundamentally new approach to security. To that end, we built our solution with a few key tenets in mind:
- The first is that organizations would, wittingly or unwittingly, use many cloud services, and only a few of them would be administered centrally by IT.
- The second is that people would access those apps from everywhere, on a multitude of devices.
- And the third is that, rather than block apps outright, IT would prefer to govern what people do in them.
Those tenets drove our architectural choices, and are the source of our differentiation in the market. Let’s look at some of these drivers in a little more detail.
An Explosion of Cloud and the Unsanctioned Cloud
Netskope has done thousands of cloud risk assessments. Data from these risk assessments show that over one thousand cloud applications are in use at a typical enterprise. What’s important to note is that while IT may have sanctioned a few dozen (at most) of these cloud applications, the rest are driven by business units or teams being unshackled from the restrictions of an IT procurement and deployment process. Every employee in the enterprise may also choose to adopt their own preferred cloud app; often taking advantage of the freemium model of many cloud apps to get their work done. A lot of times it is hard for IT to distinguish between the enterprise sanctioned and the employee adopted instances of the same cloud app.
Teams within an enterprise are rapidly adopting IaaS or PaaS solutions to build their own applications without waiting for IT to procure, deploy and manage the infrastructure needed to support these applications.
Each one of these unsanctioned SaaS or custom applications built on IaaS or PaaS infrastructure use public or private APIs that are opaque to legacy security solutions. The ramifications of an API call may not be clear from the context gleaned from just looking at the network traffic. A modern security solution needs to understand these API calls in order to a