SlideShare a Scribd company logo

10 Alternatives to Heavy Cloud Controls

S
Sean Dickson

The document discusses alternatives to heavy-handed controls for cloud application usage that are being adopted by Netskope customers. Some of the key alternatives discussed include evaluating apps based on risk rather than just blocking them, monitoring usage to understand what activities people are doing in apps, looking for anomalous usage patterns, blocking specific risky activities rather than entire apps, using contextual information to more precisely detect data loss, having conversations with users about usage, providing compliant alternative apps, and setting granular usage policies based on user, app, activity, and other attributes. The goal of these approaches is to enable cloud apps while still protecting the enterprise and ensuring compliance.

1 of 5
Download to read offline
“Allow is the New Block” in Action: 10 Alternatives to Heavy-Handed Cloud App Control
! “Allow is the New Block” “Allow is the New Block” is a philosophy we live by at Netskope. It encapsulates our view on cloud enablement and reflects our product capabilities. But it’s more than just a glib catch- phrase. We believe in it and there’s real meaning and substance behind it. For as long as the term “Shadow IT” has existed, technology vendors have encouraged IT professionals to uncover unsanctioned IT in their organizations so they can block it. And if you think about things from a purely security-oriented point-of-view, blocking makes a lot of sense. But we, and our customers, are taking a different tack. Our point of view is that blocking any useful technology doesn’t work and ultimately does the IT organization and the business a disservice. Cloud apps like Box, Dropbox, Jira, NetSuite, and Workday help people get their jobs done more efficiently and flexibly, and people will always find ways to use cloud apps, even if it means going outside of enterprise policy. Our view is that with a little diligence, the right data, and the ability to enforce policy in a very precise manner, enterprise IT can eliminate the catch-22 of enabling the cloud while protecting the enterprise. By looking closely at cloud app usage, using granular policies to shape behavior, and using data to have a conversation with users and lines of business, they are eschewing heavy-handed controls for a more nuanced and effective approach. 10 Alternatives to Heavy-Handed Cloud App Controls Below are ten best practices we generalize from the thoughtful and creative approach our customers are taking. 1. Evaluate app risk After discovering cloud apps in their environment, many of our customers evaluate the risk of those apps. They use the Netskope Cloud Confidence Index™ (CCI) to give them an enterprise-readiness score based on objective criteria. For a low-confidence app, they then evaluate the app based on how it is used in the enterprise. Is it used for high-value or mission-critical activities or does it handle sensitive data? It is the combination of an app’s enterprise-readiness score and the organization’s unique usage of that app that defines that app’s risk. For risky apps, these customers may limit certain activities in the app or partner with the user or line of business to select a less- risky app that offers similar functionality. If not, they may simply let the app continue and monitor or exert mitigating controls. This is especially important for the apps they don’t procure or administer, but are still broadly used in the enterprise.
! 2. Monitor usage Many of our customers go beyond discovering cloud apps to understand what people are doing in them. One Netskope customer in the media industry employs a usage framework to evaluate the scope, business case, and risk of the app. IT measures app user counts and usage volume to ascertain scope. For heavily-used apps, they identify activities (e.g., sharing, downloading, editing, and administrative activities), and build a business case to either support the app or, in the case of app overlap, suggest consolidation. Finally, they look at usage through a risk lens, assigning each activity a risk level. When they find an app in which users are performing high- risk activities, they set a policy blocking the risky activity. 3. Look for anomalies The above example highlights the importance of looking at behaviors within apps, not just the presence of an app. Some questions our customers ask when they use our solution is: What is the usage baseline of this app, and are there spikes in usage or activity? Are there more sessions than normal in a given time period? Excessive downloading? People logging in from locations they shouldn’t be, or from two locations at once? These behaviors can signal risky behavior or even an external attack. 4. Block an activity, not an app Some technology vendors encourage IT to uncover unsanctioned apps so they can shut them down. This sledgehammer approach rarely works and pits IT against the business in a negative way. Rather than block an app wholesale, several of our customers analyze the activities within the apps that represent the most risk (e.g., downloading to a mobile device, sharing with someone outside of the company) and block them. This lets them shape the activity to mitigate risk. Key to this is that they do this for not just the apps they manage but especially for the ones they don’t. 5. Protect data in context Adopters of data leakage prevention solutions – or any detection technologies for that matter – know full well that too many false positives erode the value of a solution. As our customers think about cloud data loss prevention, they are being smart about context. Rather than just detect patterns or key words, they are using Netskope to define granular contextual situations incorporating user, group, app category, location, device, and activity (such as upload or share) that help narrow the scope of where a data breach is likely to occur. This helps them increase
! their accuracy when they do apply data loss prevention techniques such as blocking or encrypting. 6. Have a conversation One of our e-commerce customers needs to keep a close eye on PCI DSS compliance. But the organization also has an enabling philosophy when it comes to cloud apps. So, when IT finds an app that does not facilitate PCI compliance or identifies a behavior within an app that could hurt their compliance status, they learn how the app is being used, come up with a few options to improve their compliance status, and then have a conversation about it with the user or line of business. Tapping someone on the shoulder and having a data-driven conversation increases the chance of an optimal outcome for both IT and the business. 7. Provide alternatives One of our healthcare customers is all about coming to the conversation not just with data, but with alternatives. They use the CCI to identify apps that have similar features and functionality to riskier ones the business may be using. In the conversation, IT points out why the apps in use put the business at risk (e.g., poor auditability or lack of HIPAA compliance) and offer choices that have a higher confidence score. This positions IT as a problem-solver and increases the chances that users will solicit IT’s input before procuring a cloud app the next time around. 8. Trust but verify One of our media customers is reluctant to put onerous policies in place. Their culture centers on trusting people, and their risk profile enables them to make the tradeoff of permissiveness with potential data leakage. They balance this by auditing cloud app usage on a periodic basis as well as setting watch lists for particular behaviors that can signal a potential data breach or malicious activity. 9. Do forensics in the cloud In addition to cloud audits, several of our customers perform forensic analysis after a suspected breach. In one example, a departing employee of one of our customers stole proprietary content to take to a competitor. IT identified the data breach as well as the events leading up to it, giving the company enough evidence to approach the competitor and recover the content. As a result of the accurate, thorough forensic audit trail, the employee in question lost his job not only at our customer, but also at the competitor.
! 10. Get specific Many of the above examples point to the benefit of specificity. Our customers are running analytics and setting policies based on combinations of app, category, user, group, location, device, OS, browser, time, app confidence score, activity, and content. This specificity allows them to, for example, be alerted when people in Investor Relations share content from a cloud app during the company’s quiet period, block downloads of sensitive documents to mobile devices, prevent HR employees from accessing salary data outside of work, and limit content uploads for people in Germany to apps hosted in the United States. The above are ways our customers are taking a lean-forward approach to cloud adoption and enablement while also mitigating risk and keeping their businesses compliant with their policies. What’s cool is not one of the ten examples above includes an outright “no” to a cloud app. While some of our customers conclude that blocking an app is the right approach, it is with the right usage data, the right information about app risk, and the granularity to shape usage with a fine scalpel versus a sledgehammer. ABOUT NETSKOPE Netskope™!is!the!leader!in!safe!cloud!enablement.!Only!the!Netskope!Active!PlatformTM !provides!discovery,!deep! visibility,!and!granular!control!of!sanctioned!and!unsanctioned!cloud!apps.!With!Netskope,!IT!can!direct!usage,!protect! sensitive!data,!and!ensure!compliance!in!realBtime,!on!any!device,!and!with!the!broadest!range!of!deployment!options!in! the!market.!With!Netskope,!businesses!can!move!fast,!with!confidence. ©2014 Netskope, Inc. All rights reserved. 4984 El Camino Real, Suite 102, Los Altos, CA 94022 Netskope is a registered trademark and Cloud Confidence Index and SkopeSights are trademarks of Netskope, Inc. All other trademarks are trademarks of their respective holders. 09/14 SB-8-2

Recommended

10 alternatives to heavy handed cloud app control
10 alternatives to heavy handed cloud app control10 alternatives to heavy handed cloud app control
10 alternatives to heavy handed cloud app controlAneel Mitra
 
EveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidenceEveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidencePaul Richards
 
Data in the Wild: Survival Guide
Data in the Wild: Survival GuideData in the Wild: Survival Guide
Data in the Wild: Survival GuideDruva
 
The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014Symantec
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 
Importance of Enterprise Mobility Solution in Healthcare
Importance of Enterprise Mobility Solution in HealthcareImportance of Enterprise Mobility Solution in Healthcare
Importance of Enterprise Mobility Solution in HealthcareChromeInfo Technologies
 
Customer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny ObjectsCustomer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny ObjectsJoAnna Cheshire
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 

Recommended

10 alternatives to heavy handed cloud app control
10 alternatives to heavy handed cloud app control10 alternatives to heavy handed cloud app control
10 alternatives to heavy handed cloud app controlAneel Mitra
 
EveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidenceEveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidencePaul Richards
 
Data in the Wild: Survival Guide
Data in the Wild: Survival GuideData in the Wild: Survival Guide
Data in the Wild: Survival GuideDruva
 
The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014The Forrester Wave™: Enterprise Mobile Management Q3 2014
The Forrester Wave™: Enterprise Mobile Management Q3 2014Symantec
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 
Importance of Enterprise Mobility Solution in Healthcare
Importance of Enterprise Mobility Solution in HealthcareImportance of Enterprise Mobility Solution in Healthcare
Importance of Enterprise Mobility Solution in HealthcareChromeInfo Technologies
 
Customer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny ObjectsCustomer Centric Innovation in a World of Shiny Objects
Customer Centric Innovation in a World of Shiny ObjectsJoAnna Cheshire
 
ultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeultimate-guide-to-getting-started-with-appsec-veracode
ultimate-guide-to-getting-started-with-appsec-veracodeSean Varga
 
Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyChris Niggel
 
Sample Cloud Application Security and Operations Policy [release]
Sample Cloud Application Security and Operations Policy [release]Sample Cloud Application Security and Operations Policy [release]
Sample Cloud Application Security and Operations Policy [release]LinkedIn
 
Ten top tips on keeping your business secure
Ten top tips on keeping your business secureTen top tips on keeping your business secure
Ten top tips on keeping your business secureBurCom Consulting Ltd.
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the CloudPeak 10
 
Vps server 3
Vps server 3Vps server 3
Vps server 3GeralynDeanda36
 
Case study: Getting a grip on application risk
Case study: Getting a grip on application riskCase study: Getting a grip on application risk
Case study: Getting a grip on application riskIceberg Networks Corporation
 
Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureBurCom Consulting Ltd.
 
IBM Watson Developer Cloud Vision Services
IBM Watson Developer Cloud Vision ServicesIBM Watson Developer Cloud Vision Services
IBM Watson Developer Cloud Vision ServicesIBM Watson
 
CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CloudIDSummit
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015Francisco Anes
 
Blockchain readiness block512
Blockchain readiness block512Blockchain readiness block512
Blockchain readiness block512JoAnna Cheshire
 
Transforming Business with Cognitive APIs: What Innovative Business Strategie...
Transforming Business with Cognitive APIs: What Innovative Business Strategie...Transforming Business with Cognitive APIs: What Innovative Business Strategie...
Transforming Business with Cognitive APIs: What Innovative Business Strategie...IBM Watson
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving servicesCloudMask inc.
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives- Mark - Fullbright
 
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENTFUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENTForgeRock
 
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...ForgeRock
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Web application security - Emstell Technology Consulting
Web application security - Emstell Technology ConsultingWeb application security - Emstell Technology Consulting
Web application security - Emstell Technology ConsultingAyoob Kalathingal
 
Persian dance 1-2
Persian dance 1-2Persian dance 1-2
Persian dance 1-2massy1
 
Alpha WorkWear by Viz Reflectives North America
Alpha WorkWear by Viz Reflectives North AmericaAlpha WorkWear by Viz Reflectives North America
Alpha WorkWear by Viz Reflectives North AmericaJustin Krook
 
CV_2015R1
CV_2015R1CV_2015R1
CV_2015R1P. JETEN JEET
 

More Related Content

What's hot

Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecJessica Lavery Pozerski
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyChris Niggel
 
Sample Cloud Application Security and Operations Policy [release]
Sample Cloud Application Security and Operations Policy [release]Sample Cloud Application Security and Operations Policy [release]
Sample Cloud Application Security and Operations Policy [release]LinkedIn
 
Ten top tips on keeping your business secure
Ten top tips on keeping your business secureTen top tips on keeping your business secure
Ten top tips on keeping your business secureBurCom Consulting Ltd.
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the CloudPeak 10
 
Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureBurCom Consulting Ltd.
 
IBM Watson Developer Cloud Vision Services
IBM Watson Developer Cloud Vision ServicesIBM Watson Developer Cloud Vision Services
IBM Watson Developer Cloud Vision ServicesIBM Watson
 
CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CloudIDSummit
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015Francisco Anes
 
Blockchain readiness block512
Blockchain readiness block512Blockchain readiness block512
Blockchain readiness block512JoAnna Cheshire
 
Transforming Business with Cognitive APIs: What Innovative Business Strategie...
Transforming Business with Cognitive APIs: What Innovative Business Strategie...Transforming Business with Cognitive APIs: What Innovative Business Strategie...
Transforming Business with Cognitive APIs: What Innovative Business Strategie...IBM Watson
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving servicesCloudMask inc.
 
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENTFUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENTForgeRock
 
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...ForgeRock
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataOnline Business
 
Web application security - Emstell Technology Consulting
Web application security - Emstell Technology ConsultingWeb application security - Emstell Technology Consulting
Web application security - Emstell Technology ConsultingAyoob Kalathingal
 

What's hot (19)

Ultimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSecUltimate_Guide_to_getting_started_with_AppSec
Ultimate_Guide_to_getting_started_with_AppSec
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security Policy
 
Sample Cloud Application Security and Operations Policy [release]
Sample Cloud Application Security and Operations Policy [release]Sample Cloud Application Security and Operations Policy [release]
Sample Cloud Application Security and Operations Policy [release]
 
Ten top tips on keeping your business secure
Ten top tips on keeping your business secureTen top tips on keeping your business secure
Ten top tips on keeping your business secure
 
10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud10 Tips for CIOs - Data Security in the Cloud
10 Tips for CIOs - Data Security in the Cloud
 
Vps server 3
Vps server 3Vps server 3
Vps server 3
 
Case study: Getting a grip on application risk
Case study: Getting a grip on application riskCase study: Getting a grip on application risk
Case study: Getting a grip on application risk
 
Ten Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business SecureTen Top Tips on Keeping Your Business Secure
Ten Top Tips on Keeping Your Business Secure
 
IBM Watson Developer Cloud Vision Services
IBM Watson Developer Cloud Vision ServicesIBM Watson Developer Cloud Vision Services
IBM Watson Developer Cloud Vision Services
 
CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?CIS13: Security's New Normal: Is Cloud the Answer?
CIS13: Security's New Normal: Is Cloud the Answer?
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015
 
Blockchain readiness block512
Blockchain readiness block512Blockchain readiness block512
Blockchain readiness block512
 
Transforming Business with Cognitive APIs: What Innovative Business Strategie...
Transforming Business with Cognitive APIs: What Innovative Business Strategie...Transforming Business with Cognitive APIs: What Innovative Business Strategie...
Transforming Business with Cognitive APIs: What Innovative Business Strategie...
 
Keep Student information protected while improving services
Keep Student information protected while improving servicesKeep Student information protected while improving services
Keep Student information protected while improving services
 
Big Data Dectives
Big Data DectivesBig Data Dectives
Big Data Dectives
 
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENTFUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
FUTURE-PROOFING CONSUMER IDENTITY AND ACCESS MANAGEMENT
 
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...
Adding Relationship Management to Identity: It's a Must for Customer-Obsessed...
 
En msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdataEn msft-scrty-cntnt-e book-protectyourdata
En msft-scrty-cntnt-e book-protectyourdata
 
Web application security - Emstell Technology Consulting
Web application security - Emstell Technology ConsultingWeb application security - Emstell Technology Consulting
Web application security - Emstell Technology Consulting
 

Viewers also liked

Persian dance 1-2
Persian dance 1-2Persian dance 1-2
Persian dance 1-2massy1
 
Alpha WorkWear by Viz Reflectives North America
Alpha WorkWear by Viz Reflectives North AmericaAlpha WorkWear by Viz Reflectives North America
Alpha WorkWear by Viz Reflectives North AmericaJustin Krook
 
5 must haves - cloud confidence
5 must haves - cloud confidence5 must haves - cloud confidence
5 must haves - cloud confidenceSean Dickson
 
CloudSecurityForDummies_Netskope (1)
CloudSecurityForDummies_Netskope (1)CloudSecurityForDummies_Netskope (1)
CloudSecurityForDummies_Netskope (1)Sean Dickson
 
Mémoire ngagne thiam_final
Mémoire ngagne thiam_finalMémoire ngagne thiam_final
Mémoire ngagne thiam_finalNgagne Thiam
 
Summer Training Project Report-11-12
Summer Training Project Report-11-12Summer Training Project Report-11-12
Summer Training Project Report-11-12Niranjan Kumar
 
Présentation mémoire de fin de cycle
Présentation mémoire de fin de cyclePrésentation mémoire de fin de cycle
Présentation mémoire de fin de cycleNgagne Thiam
 
Persian dance 1-1
Persian dance 1-1Persian dance 1-1
Persian dance 1-1massy1
 

Viewers also liked (11)

Persian dance 1-2
Persian dance 1-2Persian dance 1-2
Persian dance 1-2
 
Alpha WorkWear by Viz Reflectives North America
Alpha WorkWear by Viz Reflectives North AmericaAlpha WorkWear by Viz Reflectives North America
Alpha WorkWear by Viz Reflectives North America
 
CV_2015R1
CV_2015R1CV_2015R1
CV_2015R1
 
5 must haves - cloud confidence
5 must haves - cloud confidence5 must haves - cloud confidence
5 must haves - cloud confidence
 
CloudSecurityForDummies_Netskope (1)
CloudSecurityForDummies_Netskope (1)CloudSecurityForDummies_Netskope (1)
CloudSecurityForDummies_Netskope (1)
 
Mémoire ngagne thiam_final
Mémoire ngagne thiam_finalMémoire ngagne thiam_final
Mémoire ngagne thiam_final
 
Summer Training Project Report-11-12
Summer Training Project Report-11-12Summer Training Project Report-11-12
Summer Training Project Report-11-12
 
Présentation mémoire de fin de cycle
Présentation mémoire de fin de cyclePrésentation mémoire de fin de cycle
Présentation mémoire de fin de cycle
 
Persian dance 1-1
Persian dance 1-1Persian dance 1-1
Persian dance 1-1
 
teoria-de-zarandeo
teoria-de-zarandeo teoria-de-zarandeo
teoria-de-zarandeo
 
Netskope Info
Netskope InfoNetskope Info
Netskope Info
 

Similar to 10 Alternatives to Heavy Cloud Controls

EveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidenceEveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidenceKeith Purves
 
Learn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow InvestmentLearn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow InvestmentStave
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Accenture Technology
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5accenture
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-clouddrewz lin
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceKim Cook
 
On premise vs cloud software
On premise vs cloud softwareOn premise vs cloud software
On premise vs cloud softwareTCM infosys
 
Netskope Overview
Netskope OverviewNetskope Overview
Netskope OverviewNetskope
 
Top 8 Enterprise Mobility Trends 2015
Top 8 Enterprise Mobility Trends 2015Top 8 Enterprise Mobility Trends 2015
Top 8 Enterprise Mobility Trends 2015DMI
 
Selecting an App Security Testing Partner: An eGuide
Selecting an App Security Testing Partner: An eGuideSelecting an App Security Testing Partner: An eGuide
Selecting an App Security Testing Partner: An eGuideHCLSoftware
 
Procuring an Application Security Testing Partner
Procuring an Application Security Testing PartnerProcuring an Application Security Testing Partner
Procuring an Application Security Testing PartnerHCLSoftware
 
A DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MINING
A DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MININGA DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MINING
A DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MININGIRJET Journal
 
How Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdfHow Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdfXDuce Corporation
 
How Can Enterprise App Development Help Your Business Growth.pptx
How Can Enterprise App Development Help Your Business Growth.pptxHow Can Enterprise App Development Help Your Business Growth.pptx
How Can Enterprise App Development Help Your Business Growth.pptxXDuce Corporation
 
User access profiling model
User access profiling modelUser access profiling model
User access profiling modelJose Guerrero
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Daniel L. Cruz
 
Mobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platformsMobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platformsAlex Zaltsman
 
9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...
9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...
9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...Utah Tech Labs
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesIJNSA Journal
 

Similar to 10 Alternatives to Heavy Cloud Controls (20)

EveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidenceEveryCloud 5-steps-cloud-confidence
EveryCloud 5-steps-cloud-confidence
 
Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417Fy17 sec shadow_it-e_book_final_032417
Fy17 sec shadow_it-e_book_final_032417
 
Learn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow InvestmentLearn How to Maximize Your ServiceNow Investment
Learn How to Maximize Your ServiceNow Investment
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5
 
Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5Digital Trust - Tech Vision 2016 Trend 5
Digital Trust - Tech Vision 2016 Trend 5
 
Asset 1 security-in-the-cloud
Asset 1 security-in-the-cloudAsset 1 security-in-the-cloud
Asset 1 security-in-the-cloud
 
eBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data GovernanceeBook: 5 Steps to Secure Cloud Data Governance
eBook: 5 Steps to Secure Cloud Data Governance
 
On premise vs cloud software
On premise vs cloud softwareOn premise vs cloud software
On premise vs cloud software
 
Netskope Overview
Netskope OverviewNetskope Overview
Netskope Overview
 
Top 8 Enterprise Mobility Trends 2015
Top 8 Enterprise Mobility Trends 2015Top 8 Enterprise Mobility Trends 2015
Top 8 Enterprise Mobility Trends 2015
 
Selecting an App Security Testing Partner: An eGuide
Selecting an App Security Testing Partner: An eGuideSelecting an App Security Testing Partner: An eGuide
Selecting an App Security Testing Partner: An eGuide
 
Procuring an Application Security Testing Partner
Procuring an Application Security Testing PartnerProcuring an Application Security Testing Partner
Procuring an Application Security Testing Partner
 
A DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MINING
A DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MININGA DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MINING
A DATA MINING FRAMEWORK FOR PREVENTION OF FAKE APPLICATIONS USING OPINION MINING
 
How Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdfHow Can Enterprise App Development Help Your Business Growth.pdf
How Can Enterprise App Development Help Your Business Growth.pdf
 
How Can Enterprise App Development Help Your Business Growth.pptx
How Can Enterprise App Development Help Your Business Growth.pptxHow Can Enterprise App Development Help Your Business Growth.pptx
How Can Enterprise App Development Help Your Business Growth.pptx
 
User access profiling model
User access profiling modelUser access profiling model
User access profiling model
 
Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!Security Redefined - Prevention is the future!!
Security Redefined - Prevention is the future!!
 
Mobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platformsMobilizing Enterprise Data for mobile apps and platforms
Mobilizing Enterprise Data for mobile apps and platforms
 
9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...
9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...
9 Hidden Challenges of Enterprise Mobility Application Development by Utah Te...
 
Complete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resourcesComplete network security protection for sme's within limited resources
Complete network security protection for sme's within limited resources
 

10 Alternatives to Heavy Cloud Controls

  • 1. “Allow is the New Block” in Action: 10 Alternatives to Heavy-Handed Cloud App Control
  • 2. ! “Allow is the New Block” “Allow is the New Block” is a philosophy we live by at Netskope. It encapsulates our view on cloud enablement and reflects our product capabilities. But it’s more than just a glib catch- phrase. We believe in it and there’s real meaning and substance behind it. For as long as the term “Shadow IT” has existed, technology vendors have encouraged IT professionals to uncover unsanctioned IT in their organizations so they can block it. And if you think about things from a purely security-oriented point-of-view, blocking makes a lot of sense. But we, and our customers, are taking a different tack. Our point of view is that blocking any useful technology doesn’t work and ultimately does the IT organization and the business a disservice. Cloud apps like Box, Dropbox, Jira, NetSuite, and Workday help people get their jobs done more efficiently and flexibly, and people will always find ways to use cloud apps, even if it means going outside of enterprise policy. Our view is that with a little diligence, the right data, and the ability to enforce policy in a very precise manner, enterprise IT can eliminate the catch-22 of enabling the cloud while protecting the enterprise. By looking closely at cloud app usage, using granular policies to shape behavior, and using data to have a conversation with users and lines of business, they are eschewing heavy-handed controls for a more nuanced and effective approach. 10 Alternatives to Heavy-Handed Cloud App Controls Below are ten best practices we generalize from the thoughtful and creative approach our customers are taking. 1. Evaluate app risk After discovering cloud apps in their environment, many of our customers evaluate the risk of those apps. They use the Netskope Cloud Confidence Index™ (CCI) to give them an enterprise-readiness score based on objective criteria. For a low-confidence app, they then evaluate the app based on how it is used in the enterprise. Is it used for high-value or mission-critical activities or does it handle sensitive data? It is the combination of an app’s enterprise-readiness score and the organization’s unique usage of that app that defines that app’s risk. For risky apps, these customers may limit certain activities in the app or partner with the user or line of business to select a less- risky app that offers similar functionality. If not, they may simply let the app continue and monitor or exert mitigating controls. This is especially important for the apps they don’t procure or administer, but are still broadly used in the enterprise.
  • 3. ! 2. Monitor usage Many of our customers go beyond discovering cloud apps to understand what people are doing in them. One Netskope customer in the media industry employs a usage framework to evaluate the scope, business case, and risk of the app. IT measures app user counts and usage volume to ascertain scope. For heavily-used apps, they identify activities (e.g., sharing, downloading, editing, and administrative activities), and build a business case to either support the app or, in the case of app overlap, suggest consolidation. Finally, they look at usage through a risk lens, assigning each activity a risk level. When they find an app in which users are performing high- risk activities, they set a policy blocking the risky activity. 3. Look for anomalies The above example highlights the importance of looking at behaviors within apps, not just the presence of an app. Some questions our customers ask when they use our solution is: What is the usage baseline of this app, and are there spikes in usage or activity? Are there more sessions than normal in a given time period? Excessive downloading? People logging in from locations they shouldn’t be, or from two locations at once? These behaviors can signal risky behavior or even an external attack. 4. Block an activity, not an app Some technology vendors encourage IT to uncover unsanctioned apps so they can shut them down. This sledgehammer approach rarely works and pits IT against the business in a negative way. Rather than block an app wholesale, several of our customers analyze the activities within the apps that represent the most risk (e.g., downloading to a mobile device, sharing with someone outside of the company) and block them. This lets them shape the activity to mitigate risk. Key to this is that they do this for not just the apps they manage but especially for the ones they don’t. 5. Protect data in context Adopters of data leakage prevention solutions – or any detection technologies for that matter – know full well that too many false positives erode the value of a solution. As our customers think about cloud data loss prevention, they are being smart about context. Rather than just detect patterns or key words, they are using Netskope to define granular contextual situations incorporating user, group, app category, location, device, and activity (such as upload or share) that help narrow the scope of where a data breach is likely to occur. This helps them increase
  • 4. ! their accuracy when they do apply data loss prevention techniques such as blocking or encrypting. 6. Have a conversation One of our e-commerce customers needs to keep a close eye on PCI DSS compliance. But the organization also has an enabling philosophy when it comes to cloud apps. So, when IT finds an app that does not facilitate PCI compliance or identifies a behavior within an app that could hurt their compliance status, they learn how the app is being used, come up with a few options to improve their compliance status, and then have a conversation about it with the user or line of business. Tapping someone on the shoulder and having a data-driven conversation increases the chance of an optimal outcome for both IT and the business. 7. Provide alternatives One of our healthcare customers is all about coming to the conversation not just with data, but with alternatives. They use the CCI to identify apps that have similar features and functionality to riskier ones the business may be using. In the conversation, IT points out why the apps in use put the business at risk (e.g., poor auditability or lack of HIPAA compliance) and offer choices that have a higher confidence score. This positions IT as a problem-solver and increases the chances that users will solicit IT’s input before procuring a cloud app the next time around. 8. Trust but verify One of our media customers is reluctant to put onerous policies in place. Their culture centers on trusting people, and their risk profile enables them to make the tradeoff of permissiveness with potential data leakage. They balance this by auditing cloud app usage on a periodic basis as well as setting watch lists for particular behaviors that can signal a potential data breach or malicious activity. 9. Do forensics in the cloud In addition to cloud audits, several of our customers perform forensic analysis after a suspected breach. In one example, a departing employee of one of our customers stole proprietary content to take to a competitor. IT identified the data breach as well as the events leading up to it, giving the company enough evidence to approach the competitor and recover the content. As a result of the accurate, thorough forensic audit trail, the employee in question lost his job not only at our customer, but also at the competitor.
  • 5. ! 10. Get specific Many of the above examples point to the benefit of specificity. Our customers are running analytics and setting policies based on combinations of app, category, user, group, location, device, OS, browser, time, app confidence score, activity, and content. This specificity allows them to, for example, be alerted when people in Investor Relations share content from a cloud app during the company’s quiet period, block downloads of sensitive documents to mobile devices, prevent HR employees from accessing salary data outside of work, and limit content uploads for people in Germany to apps hosted in the United States. The above are ways our customers are taking a lean-forward approach to cloud adoption and enablement while also mitigating risk and keeping their businesses compliant with their policies. What’s cool is not one of the ten examples above includes an outright “no” to a cloud app. While some of our customers conclude that blocking an app is the right approach, it is with the right usage data, the right information about app risk, and the granularity to shape usage with a fine scalpel versus a sledgehammer. ABOUT NETSKOPE Netskope™!is!the!leader!in!safe!cloud!enablement.!Only!the!Netskope!Active!PlatformTM !provides!discovery,!deep! visibility,!and!granular!control!of!sanctioned!and!unsanctioned!cloud!apps.!With!Netskope,!IT!can!direct!usage,!protect! sensitive!data,!and!ensure!compliance!in!realBtime,!on!any!device,!and!with!the!broadest!range!of!deployment!options!in! the!market.!With!Netskope,!businesses!can!move!fast,!with!confidence. ©2014 Netskope, Inc. All rights reserved. 4984 El Camino Real, Suite 102, Los Altos, CA 94022 Netskope is a registered trademark and Cloud Confidence Index and SkopeSights are trademarks of Netskope, Inc. All other trademarks are trademarks of their respective holders. 09/14 SB-8-2