In a world of evolving threats, your mobile data is in constant danger. All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices—usually a laptop, a tablet, and a smartphone—that they use both inside and outside of the office. Plus often they’re using their own personal devices to access corporate data. And outside the corporate firewall, it’s a wild world. Learn more at wild.druva.com.
Today, security is so much more than just a firewall. As we saw in our recent webinar, co-hosted with Microsoft to discuss their new Enterprise Mobility + Security Suite (EMS), breaches are resulting from weak end-user passwords or error, as well as a lax attitude toward SaaS and third party "Shadow IT." Add to that infrastructure complexity brought on by cloud and hybrid environments and everything you knew about security is changing.
Social Enterprise: Trust; Vision; RevolutionPeter Coffee
Becoming a social enterprise is not a technical evolution, but a business transformation. Technologies enable it, but only a cultural commitment will achieve it. Doing it is not optional, unless going out of business is also considered an OK option.
While mobility enables business innovation and agility, it also introduces risk. These risks fall into four main areas: Device, network, apps/data and external threats.
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
In a world of evolving threats, your mobile data is in constant danger. All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices—usually a laptop, a tablet, and a smartphone—that they use both inside and outside of the office. Plus often they’re using their own personal devices to access corporate data. And outside the corporate firewall, it’s a wild world. Learn more at wild.druva.com.
Today, security is so much more than just a firewall. As we saw in our recent webinar, co-hosted with Microsoft to discuss their new Enterprise Mobility + Security Suite (EMS), breaches are resulting from weak end-user passwords or error, as well as a lax attitude toward SaaS and third party "Shadow IT." Add to that infrastructure complexity brought on by cloud and hybrid environments and everything you knew about security is changing.
Social Enterprise: Trust; Vision; RevolutionPeter Coffee
Becoming a social enterprise is not a technical evolution, but a business transformation. Technologies enable it, but only a cultural commitment will achieve it. Doing it is not optional, unless going out of business is also considered an OK option.
While mobility enables business innovation and agility, it also introduces risk. These risks fall into four main areas: Device, network, apps/data and external threats.
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
Sample Cloud Application Security and Operations Policy [release]LinkedIn
Modern employees have lots of data to work with, and they expect easy-to-use tools that work everywhere they do. To accomplish this, organizations are now taking on a “Cloud First” strategy, and moving critical infrastructure onto hosted providers. This de-centralization means that as ever-increasing amounts of data and processing are shifted out of the direct control of IT and security management, security teams must institute a suite of controls that will ensure the safety of company and customer data. We have developed this Cloud Application Policy Framework to help those responsible for the Confidentiality, Accessibility, and Integrity of corporate data identify the controls that must be in place to successfully complete this mission.
Securing Your Mobile Backend featuring Forrester Research inc - Combine API B...CA API Management
Many organizations are embracing mobile device management (MDM) and mobile app management (MAM) solutions to secure enterprise data and apps on smartphones, tablets and other mobile devices. However, these solutions are often not enough to provide the levels of secure and seamless access required for effective mobile workforce enablement.
This webinar, featuring Forrester MDM Analyst Christian Kane and Layer 7 Chief Strategy Officer Dimitri Sirota will examine how MDM/MAM solutions can be implemented in conjunction with Mobile Access and API Management technologies in order to deliver end-to-end data and app protection.
You Will Learn
How IT consumerization and BYOD are driving enterprise demand for MDM and MAM
The security scope and limitations of MDM/MAM solutions
The role of API Management products in securing the mobile backend
The benefits of end-to-end mobile security, from device to datacenter
Is your infrastructure holding you back?Gabe Akisanmi
This ebook will help you connect the dots between
today’s biggest business opportunities and the specific
technology required to seize them. You’ll get the facts
you need to identify where current components may
be falling short—and how the right investments in infrastructure
can lead to better business outcomes while
strengthening your role as a strategic consultant within
your organization.
"In this issue of “The 10 Most Trusted Companies in
Enterprise Security” Insights Success has shortlisted
those enterprise security providers which are providing
solutions that are systematically profile and
contextualize security threats with a level of detail and
granularity that has never been achieved before."
Learn How to Maximize Your ServiceNow InvestmentStave
Understand how leading companies are adopting an aPaaS strategy
Learn the evolution of ServiceNow's platform capabilities
Assert IT's influence over shadow IT practices
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Your firm needs to be committed to protecting information assets, including personal data and client documents. As a trusted advisor to our clients, the expectation is that we are aware of threats and are guarding their data. Data privacy and information security are fundamental components of doing business today, no matter how large your firm is.
In this paper we will look at three specific ways of protecting our clients:
1. Protection through our ability to research and improve intellectual capital
2. Protection through policies, procedures and processes
3. Protection by securing client data
Cyberattacks on government agencies at all levels can compromise private citizen information and leave the United States vulnerable to national security threats. Take these first steps toward stronger cybersecurity hygiene.
Insider's Guide to Cybersecurity for Government eBook: http://aka.ms/govcybersecurityguide
When you’re planning to move to the cloud and manage a hybrid environment, security is a top concern. But cloud is not necessarily less secure than a traditional environment. In fact, it may be possible to deliver even greater security in a hybrid cloud environment because it offers new and advanced opportunities.
In this eBook, you’ll discover how hackers are using traditional tactics in new ways to attack the cloud. You’ll also find out how the cloud can help you increase security with innovative approaches designed to detect threats long before they threaten your enterprise.
Organizations need to acquire the latest option accessible to them when it comes to managing the considerable growth of cloud-based solutions such as applications, data and cloud market. Cloud Application Control has proven its worth and organizations need to come and take a closer look at the application control solutions to streamline the security process.
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
Sample Cloud Application Security and Operations Policy [release]LinkedIn
Modern employees have lots of data to work with, and they expect easy-to-use tools that work everywhere they do. To accomplish this, organizations are now taking on a “Cloud First” strategy, and moving critical infrastructure onto hosted providers. This de-centralization means that as ever-increasing amounts of data and processing are shifted out of the direct control of IT and security management, security teams must institute a suite of controls that will ensure the safety of company and customer data. We have developed this Cloud Application Policy Framework to help those responsible for the Confidentiality, Accessibility, and Integrity of corporate data identify the controls that must be in place to successfully complete this mission.
Securing Your Mobile Backend featuring Forrester Research inc - Combine API B...CA API Management
Many organizations are embracing mobile device management (MDM) and mobile app management (MAM) solutions to secure enterprise data and apps on smartphones, tablets and other mobile devices. However, these solutions are often not enough to provide the levels of secure and seamless access required for effective mobile workforce enablement.
This webinar, featuring Forrester MDM Analyst Christian Kane and Layer 7 Chief Strategy Officer Dimitri Sirota will examine how MDM/MAM solutions can be implemented in conjunction with Mobile Access and API Management technologies in order to deliver end-to-end data and app protection.
You Will Learn
How IT consumerization and BYOD are driving enterprise demand for MDM and MAM
The security scope and limitations of MDM/MAM solutions
The role of API Management products in securing the mobile backend
The benefits of end-to-end mobile security, from device to datacenter
Is your infrastructure holding you back?Gabe Akisanmi
This ebook will help you connect the dots between
today’s biggest business opportunities and the specific
technology required to seize them. You’ll get the facts
you need to identify where current components may
be falling short—and how the right investments in infrastructure
can lead to better business outcomes while
strengthening your role as a strategic consultant within
your organization.
"In this issue of “The 10 Most Trusted Companies in
Enterprise Security” Insights Success has shortlisted
those enterprise security providers which are providing
solutions that are systematically profile and
contextualize security threats with a level of detail and
granularity that has never been achieved before."
Learn How to Maximize Your ServiceNow InvestmentStave
Understand how leading companies are adopting an aPaaS strategy
Learn the evolution of ServiceNow's platform capabilities
Assert IT's influence over shadow IT practices
All product and company names mentioned herein are for identification and educational purposes only and are the property of, and may be trademarks of, their respective owners.
Your firm needs to be committed to protecting information assets, including personal data and client documents. As a trusted advisor to our clients, the expectation is that we are aware of threats and are guarding their data. Data privacy and information security are fundamental components of doing business today, no matter how large your firm is.
In this paper we will look at three specific ways of protecting our clients:
1. Protection through our ability to research and improve intellectual capital
2. Protection through policies, procedures and processes
3. Protection by securing client data
Cyberattacks on government agencies at all levels can compromise private citizen information and leave the United States vulnerable to national security threats. Take these first steps toward stronger cybersecurity hygiene.
Insider's Guide to Cybersecurity for Government eBook: http://aka.ms/govcybersecurityguide
When you’re planning to move to the cloud and manage a hybrid environment, security is a top concern. But cloud is not necessarily less secure than a traditional environment. In fact, it may be possible to deliver even greater security in a hybrid cloud environment because it offers new and advanced opportunities.
In this eBook, you’ll discover how hackers are using traditional tactics in new ways to attack the cloud. You’ll also find out how the cloud can help you increase security with innovative approaches designed to detect threats long before they threaten your enterprise.
Organizations need to acquire the latest option accessible to them when it comes to managing the considerable growth of cloud-based solutions such as applications, data and cloud market. Cloud Application Control has proven its worth and organizations need to come and take a closer look at the application control solutions to streamline the security process.
Platform + Intelligence + Partners
This new understanding has led us to build new solutions for our customers. It informs our entire approach across three critical elements:
Building a platform that looks holistically across all the critical end-points we talked about – building security into our platform as well as providing security tools and technologies to you
Acting on the Intelligence that comes from our security-related signals and insights – helps you and us to detect threats more quickly
Fostering a vibrant ecosystem of partners who help us raise the bar across the industry – we know we’re not your only security vendor, and we want to work with the industry and take a holistic approach to technology
Microsoft 365 provides holistic security that is aligned to these four pillars of security.
By helping enterprise businesses secure corporate data and manage risk in today’s mobile-first, cloud-first world Microsoft 365 E5 enables customers to digitally transform by unifying user productivity and enterprise security tools into a single suite that enables the modern workplace.
Identity & Access Mgmt
Protect users’ identities and control access to valuable resources based on user risk level
Information Protection
Ensure documents and emails are seen only by authorized people
Threat Protection
Protect against advanced threats and recover quickly when attacked
Security Management
Gain visibility and control over security tools
NetskopeTM is the leader in cloud app analytics and policy enforce- ment. Only Netskope eliminates the catch-22 between being agile and being secure and compliant by providing complete visibility, enforcing sophisticated policies, and protecting data in cloud apps.
Security Redefined - Prevention is the future!!Daniel L. Cruz
Android is winning the mobile market in numbers of devices and applications. Soon, Android will also dominate the evolving IOT device and application market. Device+Application security certification testing must become embedded as a process and every piece of software capable of being exposed to hackers.
As every digital advancement creates a new vector for risk, trust becomes the cornerstone of the digital economy. To gain the trust of individuals, ecosystems, and regulators in the digital economy, businesses must possess strong security and ethics at each stage of the customer journey.
As every digital advancement creates a new vector for risk, trust becomes the cornerstone of the digital economy. Without trust, digital businesses cannot use and share the data that underpins their operations. To gain the trust of individuals, ecosystems, and regulators in the digital economy, businesses must possess strong security and ethics at each stage of the customer journey.
Mobilizing Enterprise Data for mobile apps and platformsAlex Zaltsman
InnoviMobile outlines our Mobile Action Plan for mobilizing data in the enterprise. The end goal is to unlock productivity gains by enabling workers to do their jobs and use their line of business applications more effectively.
In 2016, cloud technologies went mainstream. But with maturity came the realization that moving to the cloud doesn’t happen overnight. CIOs are prioritizing hosted computing and cloud data storage. But they’re approaching the shift as a gradual, multi-year journey.
Many startups and small businesses will continue to go all-in on cloud. But enterprises will find success in a slow but steady move from on-prem. Hybrid ecosystems—of data, software, and infrastructure—will be the reality for most established organizations.
As this shift to cloud progresses where are things are headed? This paper highlights the top cloud trends for 2017.
How is mobility transforming the enterprise? What is the fizzle that drives success? What are the key tools and trends to keep in mind for 2015?
Every year we advise our customers and partners on the top trends in mobile and what it means for them. This year we've expanded this by looking specifically at enterprise mobility trends based on insights from customers, research and more.
Selecting an App Security Testing Partner: An eGuideHCLSoftware
In the age of digital transformation, global businesses leverage web application scanning tools to shape innovative employee cultures, business processes, and customer experiences. The surge in remote work, cloud computing, and online services unveils unprecedented vulnerabilities and threats.
Learn more: https://hclsw.co/ftpwvz
Procuring an Application Security Testing PartnerHCLSoftware
Procuring an Application Security Testing Partner is crucial for safeguarding digital assets. An Application Security Testing Partner specializes in conducting comprehensive assessments using keywords like vulnerability scanning, penetration testing, code review, and threat modeling. Their expertise ensures your applications are fortified against cyber threats, providing peace of mind in an increasingly interconnected digital landscape.
Learn More: https://hclsw.co/ftpwvz
Mobile devices can boost productivity and competitive advantage, but your enterprise-IT organization must support new mobile strategies, while complying with government regulations and maintaining security. See how you can implement robust security features in your existing apps with SAP Mobile App Protection by Mocana.
Similar to 10 alternatives to heavy handed cloud app control (20)
THE SIX TRAITS OF IT-DRIVEN BUSINESS INNOVATORS- Does Your Organization Share...Aneel Mitra
Leading IT executives react to a Harvard Business Review survey outlining the six behaviors of companies with innovative IT. Does your organization share any of these characteristics?
Outsmart the risks that could impact your business.The Risk-Driven Business Model and learn more about why the key choices you make in designing your business model can dramatically reduce risk
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
GridMate - End to end testing is a critical piece to ensure quality and avoid...ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Securing your Kubernetes cluster_ a step-by-step guide to success !
10 alternatives to heavy handed cloud app control
1. “Allow is the New Block” in Action:
10 Alternatives to Heavy-Handed
Cloud App Control
2. ALLOW IS THE NEW BLOCK 1
“Allow is the New Block”
“Allow is the New Block” is a philosophy we live by at Netskope. It encapsulates our view on
cloud enablement and reflects our product capabilities. But it’s more than just a glib catch-
phrase. We believe in it and there’s real meaning and substance behind it.
For as long as the term “Shadow IT” has existed, technology vendors have encouraged IT
professionals to uncover unsanctioned IT in their organizations so they can block it. And if you
think about things from a purely security-oriented point-of-view, blocking makes a lot of
sense. But we, and our customers, are taking a different tack. Our point of view is that blocking
any useful technology doesn’t work and ultimately does the IT organization and the business a
disservice. Cloud apps like Box, Dropbox, Jira, NetSuite, and Workday help people get their jobs
done more efficiently and flexibly, and people will always find ways to use cloud apps, even if it
means going outside of enterprise policy.
Our view is that with a little diligence, the right data, and the ability to enforce policy in a very
precise manner, enterprise IT can eliminate the catch-22 of enabling the cloud while protecting
the enterprise. By looking closely at cloud app usage, using granular policies to shape behavior,
and using data to have a conversation with users and lines of business, they are eschewing
heavy-handed controls for a more nuanced and effective approach.
10 Alternatives to Heavy-Handed Cloud App Controls
Below are ten best practices we generalize from the thoughtful and creative approach our
customers are taking.
1. Evaluate app risk
After discovering cloud apps in their
environment, many of our customers evaluate
the risk of those apps. They use the Netskope
Cloud Confidence Index™ (CCI) to give them an
enterprise-readiness score based on objective
criteria. For a low-confidence app, they then
evaluate the app based on how it is used in the
enterprise. Is it used for high-value or
mission-critical activities or does it handle
sensitive data? If so, they may limit certain
activities in the app or partner with the
business to select a less-risky app that offers
similar functionality. If not, they may simply let the app continue and monitor it closely. This is
especially important for the apps they don’t procure or administer, but are still broadly used in
the enterprise.
2. Monitor usage
Many of our customers go beyond discovering cloud apps to understand what people are doing
in them. One Netskope customer in the media industry employs a usage framework to evaluate
the scope, business case, and risk of the app. IT measures app user counts and usage volume
3. ALLOW IS THE NEW BLOCK 2
to ascertain scope. For heavily-used apps, they identify activities (e.g., sharing, downloading,
and editing), and build a business case to either support the app or, in the case of app overlap,
suggest consolidation. Finally, they look at usage through a risk lens, assigning each activity a
risk level. When they find an app in which users are performing high-risk activities, they set a
policy blocking the risky activity.
3. Look for anomalies
The above example highlights the
importance of looking at behaviors
within apps, not just the presence
of an app. Some questions our
customers ask when they use our
solution is: What is the usage
baseline of this app, and are there
spikes in usage or activity? Are
there more sessions than normal
in a given time period? Excessive downloading? People logging in from locations they shouldn’t
be, or from two locations at once? These behaviors can signal risky behavior or even an external
attack.
4. Block an activity, not an app
Some technology vendors
encourage IT to uncover
unsanctioned apps so they can
shut them down. This
sledgehammer approach rarely
works and pits IT against the
business in a negative way. Rather
than block an app wholesale,
several of our customers analyze
the activities within the apps that
represent the most risk (e.g.,
downloading to a mobile device,
sharing with someone outside of the company) and block them. This lets them shape the
activity to mitigate risk. Key to this is that they do this for not just the apps they manage but
especially for the ones they don’t.
5. Protect data in context
Adopters of data leakage prevention solutions – or any detection technologies for that matter –
know full well that too many false positives erode the value of a solution. As our customers
think about cloud data loss prevention, they are being smart about context. Rather than just
detect patterns or key words, they are using Netskope to define granular contextual situations
incorporating user, group, app category, location, device, and activity (such as upload or share)
that help narrow the scope of where a data breach is likely to occur. This helps them increase
their accuracy when they do apply data loss prevention techniques such as blocking or
encrypting.
4. ALLOW IS THE NEW BLOCK 3
6. Have a conversation
One of our e-commerce customers needs to keep a close eye on PCI DSS compliance. But they
also have an enabling philosophy when it comes to cloud apps. So, when IT finds an app that
does not facilitate PCI compliance or identifies a behavior within an app that could hurt their
compliance status, they learn how the app is being used, come up with a few options to
improve their compliance status, and then have a conversation about it with the user or line of
business. Tapping someone on the shoulder and having a data-driven conversation increases
the chance of an optimal outcome for both IT and the business.
7. Provide alternatives
One of our healthcare customers is all about coming to the conversation not just with data, but
with alternatives. They use the CCI to identify apps that have similar features and functionality
to riskier ones the business may be using. In the conversation, IT points out why the apps in
use put the business at risk (e.g., poor auditability or lack of HIPAA compliance) and offer
choices that have a higher confidence score. This positions IT as a problem-solver and
increases the chances that users will solicit IT’s input before procuring a cloud app the next
time around.
8. Trust but verify
One of our media customers is reluctant to put onerous policies in place. Their culture centers
on trusting people, and their risk profile enables them to make the tradeoff of permissiveness
with potential data leakage. They balance this by auditing cloud app usage on a periodic basis
as well as setting watch lists for particular behaviors that can signal a potential data breach or
malicious activity.
9. Do forensics in the cloud
In addition to cloud audits, several of our customers perform forensic analysis after a suspected
breach. In one example, a departing employee of one of our customers stole proprietary
content to take to a competitor. IT identified the data breach as well as the events leading up to
it, giving the company enough evidence to approach the competitor and recover the content. As
a result of the accurate, thorough forensic audit trail, the employee in question lost his job not
only at our customer, but also at the competitor.