James Christiansen, Netskope: before you can control the data, you need to have visibility
As the cloud accelerated the way data is spread and delivered, it also created new opportunities for threat actors to target businesses and individuals worldwide. In such times, it’s important to understand how crucial malware-proof cloud security is and what makes a certain provider right for you.
As the technology grows, transforms, and adapts, security should transform along with it. Netskope’s Security Cloud offers real-time personal information and threat protection, providing users with data-centric cloud security.
James Christiansen, the Vice President of cloud security transformation at Netskope, shared the latest trends in modern security practices, discussed how cybercriminals use cloud apps to spread malware, and talked us through Netskope’s innovative approach to “cloud-smart security.”
It is said that today’s security is going perimeterless or borderless. Could you explain what it means?
In the past, the firewall was used to create a network perimeter. Now, for the average company, more data resides outside of it than within. Thus, the old network perimeter no longer exists. We no longer control the network users traverse or write the applications they use. Moreover, a majority of the devices being used, we don’t control. The controls we used to establish protection have all shifted.
With the rapid adoption of cloud apps and SaaS platforms as a result of digital transformation, data began flowing at a much more rapid pace to places where traditional security technology is blind. Securing the new ecosystem of web and SaaS applications without slowing down the business demands a new security model based on contextual knowledge of the cloud. Security tools today have to adapt beyond on-premise to detect threats and be deployed under a Continuous Adaptive Trust model to always protect data anywhere it lives.
You recently presented five drivers of data protection on your website. Can you tell us a little bit about them?
Data is the driving force behind innovation, efficacy, and ultimately, the success of an organization. It is not only a tool but a key value-creation asset for organizations. That said, data must be protected to maintain and ensure a competitive advantage, the privacy rights of customers and employees, and the stability and accuracy of business operations.
Modern data protection has five key drivers that should form the basis of any robust protection strategy, and that applies to cloud and non-cloud-related data equally. These five drivers are where the data is stored/located, the sensitivity of the data, the flow of the data through the ecosystem, who has access to the data, and how well the data is protected.
Before you can control the data, you need to have visibility. The most effective security programs are based on managing the risk of data and information. However, organizations can’t manage the risk of something they are blind to, so the first step is gaining visibility. As organizations have migrated to cloud technologies, security controls often lag behind. Once there is visibility into how information is flowing and being used, the proper controls can be implemented to support an adaptive trust model.
Determining what information is stored locally, in the cloud, or at a third party, and jurisdictional data privacy requirements are the first steps in determining true data risks. From there, it’s important to analyze the sensitivity of the data. That is—the importance of the data to the business, and the likely impact to the business should this data be made available to non-authorized parties (including being made public) or be modified or corrupted.
Further understanding where the data is flowing gives security teams the opportunity to ensure only authorized access is permitted and that data is not transferred to non-authorized or unprotected environments. Data flows are also crucial for regulatory compliance. Regulations like GDPR restrict the flow of personal data outside the geographic bounds. Unless you can visualize and control the data flows, you cannot protect the information nor ensure compliance with the regulations.
Assess third-party suppliers and partners, and understand who has access to the data. Determine if the right identities (machine and person) do have access, and determine who should not. Finally, know what controls are being used to protect the data and, more importantly, whether they are operating as designed and effectively.
Netskope is described as data-centric and cloud-smart. Please, tell us more about your approach.
Netskope takes a data-centric approach to cloud security, following data everywhere it goes. We believe in a continuous adaptive trust approach in which data is constantly being assessed and protected in real-time no matter where it lives. From data created and exposed in the cloud to data going to unmanaged cloud apps and personal devices, Netskope protects data and users everywhere.
Besides protecting cloud users and their data, you also run Netskope Threat Labs. What is it, and what does your research focus on?
Netskope Threat Labs specializes in cloud-focused threat research. Directed by Ray Canzanese and staffed by industry-leading cloud threat and malware researchers, Netskope Threat Labs discovers, analyses, and designs defenses against the latest cloud threats affecting enterprises.
Original research and in-depth analysis of cloud-related threats produced by Netskope Threat Labs—such as the Netskope Cloud and Threat Report—primarily examines cloud phishing, scams, malware delivery, command and control, data exfiltration, and data exposure. This research helps protect Netskope customers from malicious actors and contributes to the global security community with research, advice, and best practices.
According to your recent report, cloud apps are widely used to deliver malware. Could you tell us more about how cyber-criminals operate?
Attackers increasingly abuse popular cloud apps to deliver malware and avoid blocklists. The primary reason attackers use cloud apps for malware delivery is to bypass blocks and take advantage of any app-specific permissions. While cloud attacks are typically short-lived—assuming the correct security measures are deployed—attackers have demonstrated the ability to access data and significantly compromise an organization’s security in a short window of time.
In addition, malware authors have found new and creative ways to evade detection. For example, our report found that in the second quarter of 2021, 43% of all malware downloads were malicious Office docs, compared to just 20% at the beginning of 2020. More specifically, our report indicated that Google Drive and Microsoft OneDrive are the most popular cloud apps to upload data.
Netskope just introduced Cloud Firewall-as-a-Service. What does that mean for an average user?
The recent announcement is an expansion of Netskope’s already complete Secure Access Service Edge (SASE) and Zero Trust platform, further positioning the company as a leader in the SASE space. The Netskope Cloud Firewall is a firewall-as-a-service offering that helps reduce complexity, lower overall operational expenses, prevent a degraded user experience, and accelerate time-to-value for organizations transforming their security and networking to meet the demands of branch offices and a remote-first workforce. Netskope Cloud Firewall is fully integrated into the Netskope Security Cloud and provides cloud firewall services to users and offices for outbound egress traffic.
Users have access to:
- Network security for all outbound ports and protocols for safe, direct-to-internet access using the Netskope client on managed devices or via GRE and IPsec tunnels for offices
- 5-tuple policy controls, user and group IDs, FQDNs, and wildcards for egress firewall settings, plus seamless FTP ALG support, and full logging (TCP, UDP, ICMP) with event export, including into Netskope Advanced Analytics
- Centralized access control, providing simplified management for users and branch offices using one console, one policy engine, and one security platform
The public showed increased interest in VPN and cloud solutions during the pandemic, but in your opinion, which option is here to stay? How do you think these solutions are going to evolve in the near future?
While the pandemic resulted in increased spending on VPN solutions at first, the longer-term outlook indicates zero-trust network access (ZTNA) will become the primary replacement technology. In fact, Gartner predicts that by 2024, at least 40% of all remote access users will be served predominantly by zero-trust network access (ZTNA), up from less than 5% at the end of 2020. Netskope Private Access (NPA) is a cloud-native ZTNA solution that directly and securely connects users anywhere to specific internal resources hosted in the public cloud and/or private data centers. More specifically, Netskope Private Access supports hybrid cloud infrastructure and provides direct user-to-application connectivity—bypassing the limitations of legacy networking infrastructure.
Share with us, what’s next for Netskope?
Our goal is to further establish Netskope as the leader in the SASE space, which analysts estimate is a $30 billion addressable market. In early November, we’re hosting SASE Week, a virtual event dedicated to demystifying SASE and enabling digital transformation for remote workers everywhere.