Demo - Contextual policies safely enable sharing in cloud storage
Legacy systems such as perimeter security devices provide a coarse-grained view into cloud usage with information about bytes up, bytes down, and src and destination IP address. The lack of granular details about cloud usage forces you into a difficult allow vs block decision for cloud services discovered in your environment.
Netskope on the other hand uses patented technology to provide contextual details for all cloud usage including users, devices, locations, dates, times, content, recipients, and more than 50 activities such as “share,” “upload,” “edit,” and “ delete”.
This contextual data is available across any app, app instance, or even at the app category level. Unlike other CASBs that provide contextual details for dozens of sanctioned cloud services, Netskope provides contextual details for thousands of sanctioned and unsanctioned cloud services.
The benefit of this granularity is that, rather than blocking cloud services to address risk, customers can finally say “yes” to useful ones because they have the visibility and control they need to both understand and carve out the risky activities.
This demo showcases a scenario where contextual details are key. Here we have a company that has detected 67 cloud storage apps in use in their environment. The security team is concerned about the risk associated with these apps, especially for users in their Finance group. At the same time, the security team does not want to simply block these apps as they don’t want to disrupt user productivity. The catch-22 decision between use these services or not presents a big challenge for this company.
This is where Netskope’s unique ability to enable contextual policies across all cloud services comes into play. For this scenario, we want to bring in four contextual elements into our policy:
Starting with the From user, we will focus on the Finance Group For the App, we will choose Cloud Storage as the category to cover all 67 apps discovered in this environment For the activity, we will focus on Share And for the To user or recipient, we will look for users outside of the company
This is going to enable us to deliver a policy that addresses the use case “No sharing from any Cloud Storage app by anyone in Finance when the recipient is outside of our company”