Netskope: Cloud Access Security Broker
vs Secure Web Gateway
29/11/19 - Dan Reeder | Certified Netskope Consultant
Historically having your head in the clouds, depending on how you perceive the statement, hasn’t always been the best thing to hear when we are talking about a person or an organisation but now maybe it is. It is not unknown that the world of IT is becoming more and more cloud based. A lot of organisations are moving away from the old school mindset of having all of their infrastructure hosted in on premise data centers, or having to manage this infrastructure and the applications that sit on them.
Now we have the ever growing list of cloud based offering.
This means that most organisations will have first granted their staff direct access to the internet, then will have migrated some basic services like email and maybe some storage solution to the cloud for easy mobile access, before replacing on-premise hardware with an infrastructure-as-a-service (IAAS) solution such as AWS. From a security standpoint this can be really scary as your data is now flying around the world and could end up anywhere… but now we have Netskope.
What is Netskope?
Netskope is a software company that has a focus on security to protect company data and to protect against threats in everything cloud. Netskope is the leader in Cloud access security brokers (CASBs) according to Gartner, and can also provide a platform for Secure Web Gateway (SWG) all from one cloud instance.
CASB vs SWG?
As the technology and functionality of both CASBs and SWGs grow, they are becoming more and more fitting to replace existing proxies and firewalls. They are both proxies, both offer data and threat protection for an organisation, and both are cloud based. However, vendors are marketing them as different products but they seem to be the same, right? Wrong.
SWGs are more of a direct replacement for your typical on premise firewall. It will provide functionality for the typical network or perimeter protection use case, but in the cloud.
A CASB has a separate, and more distinctive role. Differing from the use case for SWG, which focuses on the broader filtering and protection against inbound threats and filtering illegitimate web traffic, a CASB is more deeply integrated and has control over your cloud application usage. It can be tied into an applications API to scan data at rest or can be used with a proxy based deployment to enforce inline policies for more real time protection.
Let's go through some use cases that can be tackled with Netskope:
1. Cloud Application Visibility:
A customer wants to have better visibility of what cloud apps are being used within their organisation.
2. Cloud Data Access Governance:
A customer wants to restrict what data can be uploaded to cloud apps based on compliance restrictions or a companies security posture.
3. Unmanaged Devices:
A customer wants to stop their employees downloading from their corporate web applications to private devices.
4. Governance of Cloud Applications:
A customer wants to limit their employees from uploading data to unsanctioned cloud applications.
5. Web Security:
A customer wants to simplify their SWG and needs to provide protection for employees going direct-to-internet.
6. How to Protect Public Cloud (IAAS):
A customer wants to identify all sanctioned and unsanctioned instances in their cloud infrastructure and protect against deliberate or inadvertent misconfiguration that could lead to the exposure of sensitive data.
Netskope’s Whitepaper discusses Web Security in the Digital Age and how Enterprises today are faced with the daunting challenge of seamlessly securing critical data traversing the network to access SaaS apps, IaaS, and the web from any endpoint. Although web security vendors have attempted to address this problem by packaging and moving their legacy solutions to the cloud, this approach does not address security challenges created by the use of SaaS and IaaS, or the way the dynamic web is built today. To realise this new network vision, a fundamentally different approach to security is needed – one that allows organisations to address these changes head-on with a unified cloud and web security platform that was designed from the start for today’s next-generation cloud-first enterprise.
Join our Netskope Webinar on 30th January
Register for one of our webinars on Netskope: ‘Moving your Web Security to the Cloud, from the Cloud’, or drop us a line if you have any questions.