Splunk, Okta and Netskope: Better Together
Release Date: 01/10/20
Authors: Baz Donoghue & Grace Maher
Cloud Transformation is nothing new; organisations have been leveraging cloud-based technologies for some time.
Most organisations have some footing in IaaS, PaaS or SaaS solutions, however given the current global situation with Covid-19, many more organisations have taken a running jump into the cloud in order to maintain business continuity.
However, continuity in the Cloud comes with increased risk in the forms of malicious threat actors, platform mis-configuration and last but not least, insider threat; be it intentional or accidental.
In this blog we are going to focus on the latter risk, specifically our users, many of which have had to embrace remote working at pace in less than ideal circumstances.
In a perfect world organisations would provide a sanctioned corporate device bristling with security controls and endpoint protection to remote workers, however the agility at which many organisations had to react at during the early stages of the pandemic means that more users than ever are carrying out business functions using their own personal devices.
Practically, what does this mean from a security perspective?
- Organisations have little to no visibility of what Cloud applications personnel are using.
- Users can download data from corporate instances of cloud applications to their personal devices.
- Users can then upload and share that data in an uncontrolled way via unsanctioned cloud applications.
- Security teams working remotely have little visibility of these activities occurring and are slow to respond, if indeed they can respond at all.
So what is the solution?
Many organisations do have Cloud native security tooling in place, such as Identity access management, security logging capabilities or Cloud Access Security Brokers. However, very often these technologies are being operated independently from each other, when much like cheese and wine, they are better (and often more effective!) together.
My users can download data from my cloud applications to their personal devices.
Splunk, Okta and Netskope – Working Together.
How it works:
In this example, we will demonstrate how we can combine three already best of breed technologies that many organisations already have, to provide value above and beyond what they are capable of alone.
In the above example, a user is attempting to access a corporate instance of a Cloud Storage solution (OneDrive in this example, other Cloud Storage Solutions are available) via their personal device. This opens up the possibility of said user downloading sensitive corporate data onto an uncontrolled endpoint and ultimately means we have lost visibility of how that data is used or where it moves to.
With Splunk, Okta And Netskope working together this risk can be managed or completely mitigated depending on your organisation’s current security posture.
When a user attempts to access the corporate instance of your Cloud Storage solution, Okta ensures that they are redirected in order to utilise Single Sign-on methodology with additional security controls such as MFA to authenticate.
Once authenticated with Okta, Netskope steps in and ensures that all activities on the Cloud Storage solution are controlled and monitored via a reverse proxy architecture.
All activity by the user is audited, including what resources they acces and what actions are carried out.
All of these audit events are in turn logged via Splunk Cloud leveraging Enterprise Security. This ensures that all activities can be correlated against other security use cases and if needs be alerting or automation can be put in place to react to specific situations.
An in-depth exploration of the advantages integrating these technologies together brings and details of how this use case can play out is explored during our Better Together workshop.
In closing, many cloud based security solutions are likely already in place within your organisation, now is the time to combine their capabilities to enable symbiotic relationships between tools to provide visibility and security controls designed to keep the peace in a tumultuous and dangerous online world.
It’s dangerous to go alone, don’t leave your digital front door without them.
Get Notified for New Blogs:
We post regularly on the platforms below, notifying our audience when we publish new pieces.
All views expressed on this blog are the author’s own and do not represent the opinions of any entity whatsoever with which the author
has been, is now or will be affiliated, inc. this organisation whose website the blog is hosted on, or any partner of this organisation.