SolutionsSecuring Remote Workers

Securing Remote Workers

Safely enable direct-to-net communications, while securing remote workers accessing managed and unmanaged apps, cloud services, websites, as well as private applications in public clouds and data centers. Create a secure, cloud-first environment, reducing the need to backhaul traffic or rely on legacy VPNs that introduce unnecessary costs, complexity, and latency.

Direct and secure access

Remove expensive legacy back hauling using VPNs and deliver a direct-to-net architecture using a cloud security platform. Netskope provides a global security cloud for securing and managing remote workers’ access to websites and cloud applications. Additionally Netskope seamlessly and securely connects remote workers to their private applications in the data center or public cloud using Zero Trust Network Access.

Secure collaboration

Cloud app use for productivity is exploding; Slack, Zoom, and Microsoft Teams are the top collaboration tools used by employees inside and outside the organization. While employees are trying to get work done, security teams still need to protect company data. Netskope provides granular visibility and control of web and cloud usage, combined with comprehensive data and threat protection to safely enable remote workers no matter where they are or what they do.

Remote work @ risk


of workers are now remote, a 148% increase with the pandemic

Source: Netskope Cloud and Threat Report
- August 2020


increase in visits to high-risk apps and sites

Source: Netskope Cloud and Threat Report
- August 2020

Cloud and Threat Report: August 2020 Edition

Remote Work @ Risk


The August 2020 Edition of the Cloud and Threat Report spotlights how the abrupt shift to remote work led to a massive change in user behavior. These user behaviors include the adoption of new cloud applications, and the increasingly blurry lines between work and personal life. With these changes in mind, key findings identified risk scenarios, such as the growing personal use of managed devices and the use of questionable applications that places enterprise data at risk.


Get the Netskope Cloud and Threat Report so you can effectively protect your business and get your security program up to speed.

Key benefits and capabilities


Granular visibility and control

Understand and control the websites and cloud applications being accessed by your remote workers. Learn what level of risk those cloud applications pose, and how remote workers are using those apps.


Enhanced user experience

Safely access cloud, web, and private applications using a high-performance, scalable global network infrastructure (NewEdge™). Guarantee that employees experience seamless and low-latency connectivity wherever they are.


Global data protection

Advanced DLP policies and reports help ensure regulatory compliance by monitoring and preventing sensitive data from being accessed and uploaded by remote workers to unmanaged cloud applications or websites.


Threat protection for
remote workers

Detect and stop malware and cloud-enabled threats across your environment in real-time. Mitigate data exfiltration and insider threats, alert on account compromise and highlight anomalous user behavior.


Zero Trust Network Access

Provide direct, seamless and secure remote access to applications in public cloud environments or data centers without unnecessary exposure to the internet.


Integrated and efficient security

Consolidate point solutions and reduce the complexity and cost of managing multiple disparate products. Protect your environment with a single, intuitive console, using a single, integrated cloud-native platform to simplify deployment, operations and policy enforcement.

We picked Netskope because it was the only cloud security platform that offered every possible deployment option, allowing us to easily address any new use cases or requirements that arise.

—CIO, Financial Services Firm

Frequently asked questions

What is the difference between a VPN and Zero Trust Network Access?

VPN solutions have been around for over a decade and were primarily used to form secure connections back to the corporate office (or data center) in order to give users access to company resources and data. With the prevalence of the cloud and mobile users, most employees are using cloud apps to work and no longer have a need to connect back to the corporate office. With Zero Trust Network Access (ZTNA), organizations can provide secure access to cloud based apps, and HQ if needed, while users traverse any internet connection (sometimes referred to as “Direct-to-net”). Additionally, ZTNA also provides a model that can restrict access to resources based on various criteria (user, device, location, etc.).

With an explosion in remote workers, how can I guard against a performance impact?

In the legacy VPN model, all users were backhauled to a centralized location in order to ensure that network traffic was inspected for security and compliance reasons. This puts both strain on the network connection as well as increased latency due to the distance every request must travel before hitting a website or cloud application. In order to provide a seamless user experience and avoid impact to the end user, organizations need to provide a mechanism for users to access the web and cloud directly. This direct-to-net architecture allows for some performance improvements, however it introduces new risk as connections to business applications are traversing the open, and unsecured, internet. To achieve secure connections without impacting user performance, security teams should look to adopt a Zero Trust Network Access (ZTNA) model from providers that have a global infrastructure.

Cloud based collaboration tools are critical to my remote workforce. How do I ensure security for thousands of users without impacting productivity?

It’s no surprise that digital transformation is pushing organizations to consume more cloud services, including collaboration tools. Common cloud apps like Slack, Zoom, and Microsoft Office and Teams can all be provisioned quickly and managed in the cloud - offering flexibility and minimal impact to productivity. Given this, you also need a security platform in the cloud that can afford you the same flexibility while protecting the organization’s critical data. When protecting cloud applications for remote users, look for two key elements; first a cloud security platform that can function inline to ensure that data is protected in real-time. Second, the cloud security platform needs to be underpinned by a global infrastructure that supports low latency delivery of security services (so as not to impact the user experience or end user’s productivity).

Remote workers are often at increased risk for cloud phishing attacks. How would I prevent or detect these types of attacks for cloud based apps?

Given phishing is the leading attack method and SaaS applications are the number one target, concerns about cloud phishing to compromise SaaS credentials is valid. Even more so as these attacks use trusted domains, valid certificates, and may even be white listed to by-pass defenses. The answer involves the ability to see the content and context of cloud apps inline, including the few dozen managed cloud apps administered IT, however, more importantly the thousands of unmanaged cloud apps freely adopted by business units and users. A next gen SWG provides both web and cloud app visibility by decoding cloud API/JSON traffic to understand the content and context. This enables policy controls to determine company and personal instances, or to detect a rogue instance delivering a cloud phishing attack. Activity also comes into policy controls to limit downloads from unknown or undesired cloud apps, plus cloud DLP to detect PII being entered into phishing forms including access credentials. Access to cloud app content also requires advanced threat protection defenses as all stages of the cyber kill chain are cloud-enabled today.

Everyone is off the corporate network, how do I get visibility into where our data is going?

With everyone off the corporate network, traditional inspection points will no longer provide visibility into data flows. Additionally, most data movement is now happening through API calls to cloud applications. In order to get visibility and context around both data movement and data types (e.g. sensitive data), you will need a scalable, cloud-based proxy that can decode modern cloud communications as well as perform SSL/TLS decryption and inspection...all while correlating the data and providing you context. This capability is commonly delivered through a secure web gateway, however the differentiator here will be in the context provided by the solution.

The lines between business and personal are basically gone when it comes to cloud applications. How do I make sure that doesn’t hold true for company data too?

Many popular cloud applications like Microsoft Office and G Suite offer personal and business versions of their products. Where security challenges come into play is when the “instance”, or version, of the cloud app being used isn’t easy to identify (typically through the URL parameters). As such, you will need to inspect the API calls happening to each cloud app in order to establish if a user is using it for personal or business reasons. This type of visibility can be done at scale using a cloud-based proxy that can decode modern cloud communications as well as perform SSL/TLS decryption and inspection at scale. The key here is to ensure you are only building data protection policies that protect corporate assets from reaching personal instances without impacting the end user’s ability to perform their job or leverage their personal accounts.

Trusted by leading companies


Request a demo

Get in touch with a Netskope representative to see a live demo.