Netskope – Security Transformation for Digital Transformation
Recently, I met Sanjay Beri, the founder and CEO of Netskope. Sanjay is a leader who seeks to “skate where the puck is going, not where it has been”. I feel I can use those overused, immortal words because Sanjay grew up in Toronto, and more than a decade ago he envisioned widespread use of cloud applications and corporate internet access from anywhere arriving much faster than expected.
Netskope – born in the cloud
Netskope was founded in 2012 on the fundamental belief that people and businesses should be able to collaborate and work securely across the cloud, web, devices, and multiple locations.
Once upon a time, all infrastructure and data were within the walls of a data center. The role of security was to protect the perimeter. Life was simple back then – a castle and a moat. There are no perimeters to defend in today's world of cloud and work-from-anywhere. Security must follow data, and a virtual enterprise edge (or enterprise gateway to the internet, cloud, and private applications, as Netskope calls it) is required.
Netskope built an architecture from the ground up to understand remote and mobile traffic, out-of-browser traffic, and data moving to and from the cloud. The new software as a service (SaaS) and infrastructure as a service (IaaS) were the first use cases for the cloud security platform.
Digital transformation will fail without security transformation
Now that digital transformation has become a business imperative, with the cloud as its foundation, Netskope’s cloud-native security platform has come of age.
Critical data now resides in cloud services outside the physical perimeter of the data center. Employees are more mobile and less tied to the head office. Employees may be working from home or in a cafe and need to access business apps that now reside in the cloud from a laptop or smartphone. Traditional network security controls for a data center cannot adequately secure the cloud and mobile world.
Direct-to-Net (sometimes called split tunneling) is becoming the norm for most IT organizations. Direct-to-Net allows employees to access the Internet and download files and applications directly, without “backhauling” (requiring all Internet traffic to come back through the wide area network (WAN) and a secure central gateway to the data center).
Secure Web Gateways (SWG) prevent unsecured Internet traffic from entering an organization’s internal network, protecting employees from infection by malicious web traffic, websites with vulnerabilities, Internet-borne viruses, malware and other cyber threats.
The emergence of the Secure Access Service Edge (SASE)
Secure Access Service Edge (SASE), pronounced “saucy”, was coined by Gartner in 2019 to describe the convergence of multiple security functions into a single cloud-delivered service model.
A SASE architecture enables organizations to gain secure access regardless of the location of users, applications, or devices. SASE identifies users and devices, applies policy-based security, and provides secure access to the appropriate application or data.
SASE combines the WAN with network security features such as SWG, Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), and Zero Trust Network Access (ZTNA) to support dynamic and secure access.
These technologies might require some explanation.
A Cloud Access Security Broker (CASB) resides between a cloud user and a cloud service provider. It enforces an organization’s security policies whenever data in the cloud is accessed. CASB becomes an essential part of an organization’s security – preventing data theft, stopping malware, and increasing trust in cloud data access.
Most of us are familiar with a firewall in a computer network, proactively monitoring all incoming and outgoing traffic and enforcing security policies. As applications and data moved to the cloud, firewalls evolved to firewall as a service (FWaaS) or firewalls provided as part of the cloud infrastructure.
Zero Trust Network Access (ZTNA), also known as Software Defined Perimeter (SDP), enables secure access to internal applications for remote users. ZTNA is an alternative to network-centric solutions such as Virtual Private Networks (VPNs), which present an attack surface to exploit.
User access is on a need-to-know and least-privilege basis defined by granular policies. ZTNA provides remote users with seamless and secure connectivity to private applications without ever placing them on the network or exposing the applications to the Internet.
ZTNA takes a user-application approach rather than a traditional network security approach; in other words, ZTNA isolates the act of providing application access from network access.
By establishing outbound-only connections, ZTNA ensures that network and application infrastructure are invisible to unauthorized users, never exposing IP addresses to the Internet. Once users are authorized, application access is done on an individual basis with access only to specific applications rather than full network access. Segmentation prevents overly permissive access and the risk of lateral movement of malware and other threats.
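The per-application, default-deny access model described in the ZTNA paragraphs above, sketched as an added example (it is not code from Netskope or from the author of this article). The policy format, the group and application names, the step-up outcome and the functions decide and reachable_apps are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: frozenset
    device_managed: bool  # device posture signal
    mfa_done: bool        # session has completed two-factor authentication
    app: str              # the one application being requested

# Constructed policy (hypothetical format): each rule grants one group one
# named application. No rule can grant a subnet or "the network".
POLICY = (
    {"group": "finance", "app": "erp.internal", "managed_only": True, "mfa": True},
    {"group": "engineering", "app": "git.internal", "managed_only": True, "mfa": False},
    {"group": "engineering", "app": "wiki.internal", "managed_only": False, "mfa": False},
)
RANK = {"deny": 0, "step_up_mfa": 1, "allow": 2}

def decide(req, policy=POLICY):
    """Return (decision, reason). Anything not explicitly granted is denied."""
    best, best_rank = ("deny", "no rule grants this user this application"), -1
    for rule in policy:
        if rule["app"] != req.app or rule["group"] not in req.groups:
            continue
        if rule["managed_only"] and not req.device_managed:
            result = ("deny", "unmanaged device")
        elif rule["mfa"] and not req.mfa_done:
            result = ("step_up_mfa", "two-factor authentication required")
        else:
            result = ("allow", "granted to group " + rule["group"])
        if RANK[result[0]] > best_rank:
            best, best_rank = result, RANK[result[0]]
    return best

def reachable_apps(req, policy=POLICY):
    """Applications this session can open right now, i.e. how far a
    compromised session could move laterally."""
    apps = sorted({rule["app"] for rule in policy})
    return [a for a in apps if decide(replace(req, app=a), policy)[0] == "allow"]

if __name__ == "__main__":
    alice = AccessRequest("alice", frozenset({"finance"}), True, False, "erp.internal")
    print(decide(alice))                                 # step-up before access
    print(decide(replace(alice, app="git.internal")))    # denied: not her application
    print(reachable_apps(replace(alice, mfa_done=True))) # one application, not a network
```

Because every grant names a single application, the list returned by reachable_apps is the whole of what a compromised session can touch, which is the segmentation property the paragraph above describes.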
Netskope also has Cloud XD, which decodes cloud applications and services using big data analytics. It provides visibility into users, devices, applications and all activities in cloud and web environments. It can then make recommendations such as real-time coaching, requiring two-factor authentication, and alerting users to continue or cancel an action.
SASE tools can identify sensitive data or malware, decrypt content at line speed, and continuously monitor session risk and trust levels, protecting data while providing secure identity-based access across the cloud’s virtual perimeter.
The phrase “Nobody gets fired for buying IBM” has been around for over twenty years. No one has ever been fired for buying the “safe” brand of their choice.
In the brave new world of digital transformation, the “safe” choice is the opposite of thinking outside the box. Companies that don’t embrace innovation end up with technology that’s more expensive, less functional, and unsuitable for business.
I want to invent a new phrase for the age of digital transformation – “Nobody ever gets fired for preventing a data breach.”
Security must be context-aware to protect data where and when it is accessed without slowing down performance or the user experience. If this is not your experience today, perhaps you should turn to Netskope.