Start-up Netskope comes out of stealth mode today in unveiling its security service intended to help enterprises monitor how employees are using cloud-based applications, such as Salesforce.com, while also giving IT managers the ability to block data transfers or receive alerts.
The Los Altos, Calif., company says its offering enables customers that use cloud services to direct traffic originating on premises or from a remote worker's device to Netskope's cloud for monitoring before this traffic travels on to its cloud application destination. The Netskope service can apply various kinds of security controls to about 3,000 different cloud-based applications, whether they be software-as-a-service (SaaS), platform as a service (PaaS) or infrastructure as a service (IaaS).
Netskope's service can provide a clear picture of all the users and their devices, their roles, and even if they are transferring sensitive data, such as information typically restricted under Payment Card Industry (PCI) rules. "We look at enterprise cloud traffic," says CEO Sanjay Beri, previously vice president and general manager in Juniper Networks' access security and Pulse business unit.
The Netskope service can categorize cloud services, such as cloud-storage apps, and show what everyone in the company is doing with any particular service, Beri says. If a company wants to look at encrypted data, it can be decrypted through use of the company's SSL certificate.
For organizations that want to monitor restricted content, such as Social Security numbers or PCI data, Netskope has a meta-data process that can help identify some types of sensitive information, Beri says. Netskope can be set up for use based on a variety of policies, and if it appears they are being violated in cloud usage, an alert is sent or a user might be blocked.
Beri argues that Netskope is needed because cloud services are often initiated by business people without even consulting the IT department. Netskope monitoring allows for productive use of the cloud while giving IT a grip on what's happening and an understanding if security compliance is achieved.
Netskope itself does not store cloud content, but it can be used as an audit tool for cloud services. The service requires customers to direct cloud traffic from on premises for DNS resolution at Netskope before traffic continues on to its cloud destination. Remote workers with Windows or Mac computers need to install Netskope client software. Netskope also supports Apple iOS devices without needing client software, and Android device support remains in the future.
Netskope's own cloud relies on four data centers in San Jose, Ashburn, Va., Amsterdam and Singapore.
Ryan Notley, director of engineering at the Las Vegas travel site Vegas.com, says he has been testing Netskope for about a month with the IT department and the company's call center. To Beri's earlier point, Notley says employees increasingly have been signing up for cloud services without letting the IT department know. Netskope is a way the travel-site firm, based in Henderson, Nev., can keep tabs on what cloud services are in use.
Sign up for CIO Asia eNewsletters.