Jon Oltsik, ESG Senior Principal Analyst and widely recognized information security expert, reviews what it means to ensure data privacy, security, and sovereignty, and what you should be looking for from your cloud providers.

1. Data Privacy, Security,
and Sovereignty
in a Cloudy World

2. Speakers
Jon Oltsik
Senior Principal Analyst
Enterprise Strategy Group
Rajneesh Chopra
VP, Product Management
Netskope

3. Agenda
1. Cloud computing plans
2. Cloud computing and information security
3. What’s Needed
4. The Bigger Truth
5. Q&A

4. Cloud Computing Plans

5. 2014 IT Spending Change by Technology
To the best of your knowledge, to what extent will your organization’s 2014 IT spending
for each technology listed below change relative to 2013? (Percent of respondents)
2014 spending will increase 2014 spending will stay flat 2014 spending will decrease
52%
52%
49%
48%
47%
46%
46%
43%
41%
Cloud computing services (N=276)
Security (N=261)
Virtualization/private cloud infrastructure software (N=197)
Storage infrastructure (N=306)
Network infrastructure (N=301)
Business intelligence/analytics (N=187)
Server infrastructure (N=337)
Databases (N=282)
Business applications (N=261)
Infrastructure management software (N=178)
Endpoint computing devices (N=175)
© 2014 Netskope. All Rights Reserved.
5
40%
72%
62%
31%
38%
45%
38%
44%
41%
46%
46%
48%
31%
39%
21%
6%
7%
9%
17%
14%
7%
15%
10%
14%
12%
13%
12%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Information management software (N=168)

6. Usage of Cloud Computing Services
Please indicate your organization’s usage of or plans for each of the following
cloud computing services. (Percent of respondents, N=562)
Currently use
Do not currently use, but we have done so within the past two years
Do not currently use but we plan to
No use or plans at this time but we are interested
No use, plans, or interest at this time
33%
© 2014 Netskope. All Rights Reserved.
1%
2%
6
27%
63%
10%
12%
23%
21%
17%
15%
18%
9%
17%
20%
10%
2%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Software-as-a-service (SaaS)
Infrastructure-as-a-service (IaaS)
Platform-as-a-service (PaaS)

7. Most Important Considerations for IT
Which of the following considerations do you believe will be most important in
justifying IT investments to your organization’s business management team over
the next 12 months? (Percent of respondents, N=562, three responses accepted)
Return on investment
Reduction in operational expenditures
Business process improvement
Improved security/risk management
Reduction in capital expenditures
Improved regulatory compliance
Reduced time-to-market for our products or…
© 2014 Netskope. All Rights Reserved.
38%
7
20%
19%
18%
26%
31%
37%
37%
0% 5% 10% 15% 20% 25% 30% 35% 40%
Speed of payback

8. Applications Deployed via SaaS Model
You have indicated that your organization is currently using software-as-a-service
(SaaS). What specific applications has your organization currently deployed via a
SaaS model? (Percent of respondents, N=354, multiple responses accepted)
CRM (Customer Relationship Management)
E-mail
Collaboration/file sharing
Industry-specific applications
Internet/e-mail marketing
Human resources
Office productivity
Business intelligence/analytics
Project management
Accounting/financial
Content management/document management
© 2014 Netskope. All Rights Reserved.
8
21%
30%
30%
29%
27%
26%
25%
28%
33%
31%
40%
38%
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
Marketing automation

9. Cloud
Computing
and
Information
Security

10. Security Issues with IT Initiatives
How has the introduction of the following technologies and policies altered security
management and operations at your organization? (Percent of respondents, N=315)
30%
37%
38%
© 2014 Netskope. All Rights Reserved.
6%
2%
4%
10%
2%
10
18%
13%
9%
6%
17%
31%
30%
34%
38%
38%
32%
38%
41%
32%
31%
21%
29%
16%
6%
9%
3%
10%
11%
9%
7%
7%
5%
3%
3%
4%
5%
3%
3%
6%
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
Cloud computing
Mobile devices
Remote worker policies
BYOD policies
Server virtualization
Web applications / SOA
Desktop virtualization
Made security management and operations much more difficult Made security management and operations somewhat more difficult
Had no impact on security management and operations Made security management and operations somewhat easier
Made security management and operations much easier Don’t know / Not applicable

11. Biggest IT Risks with Cloud Infrastructure
Which of the following do you believe present the biggest IT risks in relation to the use of cloud
infrastructure services? (Percent of respondents, N=229, multiple responses accepted)
Lack of control over security operations directly related to IT…
Privacy concerns associated with sensitive and/or regulated data…
Lack of security visibility into cloud services infrastructure
Security breach that compromises our cloud service providers’ …
Poor security practices at a cloud service provider
Risk of a network breach between internal networks and cloud…
Employees may be using cloud-based infrastructure services that…
Application-layer vulnerabilities within cloud infrastructure…
Failing an IT or compliance audit
Strategic cloud service provider financial problems
© 2014 Netskope. All Rights Reserved.
11
16%
16%
19%
22%
21%
27%
26%
29%
28%
31%
33%
0% 5% 10% 15% 20% 25% 30% 35%
Rogue employee working at a cloud service provider

12. Understand company, customer, and
employee data in context
WHERE ARE THE DATA LOCATED?
ARE THE DATA SENSITIVE?
• Geo-residency visibility and
policy enforcement
• Block uploading to cloud apps where
data are stored outside of geo
• Prevent “sharing” outside of geo
• In-depth DLP inspection
• Understand 400+ file types
• 3000+ unique data identifiers that
include regional differences
• Pre-defined PII, PCI, PHI profiles
© 2014 Netskope. All Rights Reserved.
12
COMPANY,
CUSTOMER, AND
EMPLOYEE DATA

13. Encryption key management
© 2014 Netskope. All Rights Reserved.
13
• Manage encryption keys in the
cloud or on-premises
• Netskope Active Encryption is
FIPS 140-2, Level 3 security
certified

14. Security Skills Shortage
In which of the following areas of information security do you believe your IT organization currently has
a problematic shortage of existing skills? (Percent of respondents, N=315, multiple responses accepted)
Cloud/server virtualization security
Endpoint/mobile device security
Network security
Data security
Security analysis/forensics
Emerging threat/malware expertise
Application development security
Security operations
Email/messaging security
Application/database security
© 2014 Netskope. All Rights Reserved.
14
8%
22%
20%
25%
23%
31%
30%
30%
28%
31%
43%
We do not currently have a problematic shortage of existing…
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%

15. What’s Needed?
“As IT loses control, CISOs need to establish more control”
Identity and data

16. What’s Needed?
Discovery
• Applications, users, activities, etc.
Control
• Alignment with security policies
• Granularity, contextual policy enforcement
Visibility
• “Wide and Deep”
• Analytics capabilities
Detection and Response
• Risk management
• Alerting
• Change management
• Automation

17. Understand location of apps, users, and data traffic
© 2014 Netskope. All Rights Reserved.
17

18. The Bigger Truth
Cloud computing momentum
Security issues
• People, processes, and technology
• As IT loses control, CISOs must gain greater
control of what they can
Need for:
• Discovery, continuous monitoring, situational
awareness, risk management, and controls

19. Discovery Visibility
Data
Activity
Granular
Control
ANY APP ANY DEVICE
App
Identity
REAL-TIME & FLEXIBLE DEPLOYMENT
Deep Context Services
Netskope Active Platform

20. Where are your users? Where is the data?
20

21. Allow is the new block (allow is new block green
light slide)
21