I had an 'aha' moment while I was at the airport recently. I was just about to enter the security line when the alarm went off and the usually fast frequent flier line I was in came to a screeching halt as apparently one of the passengers failed the security screening. As a result of one individual's actions, hundreds of us were impacted and had to undergo an extra rigorous security check, even more than the typical TSA scrutiny.
This was an aha moment for me as it reminded me of a trade-off that has existed for quite some time with security technologies. Organizations have always had to make the trade-off between security and end user experience. One example is traditional firewalls performing coarse-grained blocking of applications and services at the perimeter of your network. While this has long been an effective approach to securing your infrastructure, the trade-off has always been user experience. Security folks would find one bad behavior involving one user and a particular app and would block the app altogether. In some cases the app was not the risk, it was the user's behavior or the content they were working with. Blocking the app for one user often meant blocking the app for potentially all thousands of users that rely on it to be more productive and get their jobs done. Sure you could focus in on a single IP address, but with potentially thousands of users and the risk of similar behavior, shutting down the app is easier. Just like the person's behavior at the airport impacting the experience of everyone else.
Next generation firewalls over the past several years have innovated rapidly to combine deep packet inspection and application intelligence to identify applications and provide policy control specific to the application. While next-generation firewalls address real security challenges around threat protection and content filtering, they were not built to address granular policy enforcement needed for cloud app usage.
With Netskope, IT gets to have their cake and eat it too. Netskope is the only CASB vendor or cloud security solution that provides safe cloud enablement and strong security controls for cloud apps without sacrificing end user experience.
There are 3 key areas of our technology that enable this:
First, our architecture provides granular policy control taking in account identity, location, content and activity so IT can be laser focused and direct policy towards behavior and not only specific apps. With Netskope, you don't have to block all hundreds or thousands of users tied to a app; you can focus on a particular behavior such as sharing, a particular content such as personally identifiable information, a particular identity such as 'accounting' and even a specific device such as iOS. Mix and match and choose the policy that is right for your situation. If you have a problem with iPhones sharing sensitive content with a risky app, don't shut down the app and potentially affect thousands of users, shut down iPhones sharing risky data with the app.
Secondly, Netskope provides an elegant coaching facility where IT can be transparent with users, educating them on IT policy, guiding them on activity, and automatically directing them to do the right thing. Coaching is part of Netskope's policy engine workflow and can be configured with custom logos and messages. Coaching is key to delivering good user experience.
Lastly, Netskope's platform provides the ability for users to justify their actions when a policy has been violated. Perhaps they have a good reason and it can be unfair and have a negative impact on productivity if you simply block what they are doing. Netskope ensures that users are part of the solution and not simply a part of the problem.
In this cloudy and mobile world where the network perimeter has evolved, security needs to evolve to meet the demands of not only security practitioners needing to secure this environment, but also the users that more often than not just want to be productive and get their work done. I only wish TSA would innovate as much as cloud security has.
About the AuthorFollow on Twitter More Content by Bob Gilbert