Netskope: NewEdge, SASE and the future of cloud security
The global cybersecurity industry is undergoing a radical transformation. As enterprise network architectures move steadily away from centralised infrastructure-based solutions and towards the cloud, cybersecurity teams are being presented with a completely different landscape. A significant number of legacy firms are struggling to achieve the same level of cyber defence in these cloud-native environments.
“Traditionally, cybersecurity was very on-premises and control based. You’d pivot and run your users, transactions and data through your network to be inspected and controlled through your stack. In a cloud-based environment, that on-prem approach doesn’t work anymore,” explains David Fairman, Chief Security Officer (CSO) APAC at Netskope.
Founded in 2012, Netskope has spent the past decade becoming a trailblazing innovator and industry leader in the cloud security space. “We’re a cloud-native data protection and data security platform. Period,” says Fairman. “We’re the only pure play, cloud native secure access service edge (SASE - pronounced “sassy”) platform in the industry. SASE is a services-oriented approach that allows full data protection, next-gen secure web gateway, zero-trust, cloud security policy management and CASB, ‘all-in-one’ platform, through one single pane of glass with one policy engine.”
Fairman joined Netskope as CSO APAC in June 2020, after more than a decade overseeing the cybersecurity functions of some of the world’s biggest banks. Now, he explains, he’s looking to broaden his horizons and work to continually build a product he believes in, made by a “vendor that’s solving real problems and making security operations teams’ jobs easier.”
We spoke with Fairman to find out more about Netskope’s unique, powerful and cloud-native cybersecurity offerings, and how the company’s Cloud XD technology helps customers eliminate blindspots, achieve deep visibility and granular control over their data.
The journey to cloud
Over the past decade, the importance of data collection, management and security has become paramount to the success of the modern enterprise. As more and more enterprises turn to the public and hybrid cloud as the place to store their data, the nature of a cybersecurity function has shifted dramatically.
The traditional approach to cybersecurity, involving on-premises IT devices and a strong firewall with simple “block vs allow” permissions, has been replaced by sprawling cloud and distributed edge networks, with legacy players left unsure where the enterprise ends and the network begins.
“When an organisation is progressing on its digital transformation journey, what’s happening now is that traditional security teams are starting to come up against blind spots, because they’re not necessarily seeing the complete picture of cloud native traffic,” Fairman explains. He adds that the modern security team has to focus on removing those blind spots in order to find a way to embrace the cloud without compromising security. “That’s one of the benefits that Netskope brings to the table. We’re able to remove those blind spots and give full visibility into the cloud.”
Fairman continues, adding that the methods of thinking used by traditional security practitioners don’t necessarily apply in the world of cloud, but that the move away from traditional cybersecurity architectures holds a great deal of promise for making companies not only more secure, but more flexible and transparent. “The ways we used to control activity, users and data don’t necessarily apply now,” he says. “The traditional ways of thinking about cybersecurity architecture in the industry need to transform.”
Cloud XD: Unlocking the power of SASE
The SASE approach to cybersecurity combines intelligent data analysis and threat detection technology with powerful, micro-segmented, granular permission control. “I like to think of us as the inspection and the policy enforcement point between the identity - whether that’s a machine or a user - and the data,” Fairman explains. “That inspection point allows us to apply fine grain control and access between a company’s most vital asset - its data - and places where it’s used, manipulated and transferred.”
Netskope’s position as a cloud-native company has led to the development of a truly modern, highly powerful security solution over the past decade, with hyper-specific instance awareness at its heart, all driven by Cloud XD.
“Cloud XD is the engine of the Netskope platform,” enthuses Fairman. “It’s what enables instance awareness, which is our key differentiator.” Instance awareness empowers Netskope users with an unrivalled level of granular visibility into their network’s users, devices, applications and activity - both in the cloud and on the web.
“We can differentiate if an end user is going to a corporate instance of a cloud-based application. Let’s say I’m going from my corporate account to my corporate instance of an app,” poses Fairman. “If I try to then access my personal instance of that app, Netskope can differentiate between them, as well as drill in and identify the commands that I’m making in those different instances. Netskope could then enable me to have full privileges on my corporate instance of the app, but only be able to read on my personal instance.”
The result, he explains, is that “the days of ‘Block or Allow’ are over”. With Netskope able to decode APIs and JSON, it can give its users a much finer, more granular level of control over their network edge. Fairman adds that, “the policy enforcement we can do is really powerful.”
Verizon
“Verizon is a key strategic partner for us, not just in APAC but globally,” comments Fairman. “Through this partnership, we’ve been able to advance our customers’ goals together. At the moment those goals are usually centred around digital transformation and managing digital risk in their organisations. Through our partnership with Verizon, we’re able to help them achieve those goals effectively and efficiently.”
Introducing NewEdge
At a time when the industry-wide journey to cloud is being accelerated by the COVID-19 pandemic’s creation of an increasingly remote global workforce, the ability to deliver comprehensive cybersecurity solutions across modern architectures without sacrificing connection speeds and other performance elements is critical.
Netskope’s NewEdge was released in July of 2019 and has been rolled out across multiple markets over the last year, receiving recognition in September 2020 as one of the most interconnected networks in the world. “Businesses today are increasingly supporting a distributed workforce, but struggle to find the cloud and web security tools to support employees anywhere, on any device, at any time,” said Netskope founder and CEO Sanjay Beri at the launch event.
“When companies deploy security appliances in a few select locations, or work with a security vendor with legacy-technology-based points of presence, they settle for a less-than-desirable, latency-prone experience for remote offices and remote employees. Netskope NewEdge provides all users, regardless of location or connectivity, with an unparalleled, global network infrastructure that enables the right balance of control and speed to meet the demands of today’s modern enterprises, without added complexity.”
Delivering global access from anywhere, extensive peering solutions and a host of other features, NewEdge is unlocking the power of SASE solutions for Netskope and its customers. “It makes Netskope the most well-connected cloud security offering on the market right now, and gives our customers massive performance and scalability,” says Fairman.
The global remote work experiment
Since March, countries around the world have been forced into varying degrees of lockdown and social distancing measures in order to combat the ongoing spread of COVID-19. Enterprises have responded by entering into what amounts to the largest social and economic experiment with remote work in history. A number of companies have seen productivity increase, employees have felt their work-life balance shift to a better place, and many organisations have changed their previous stance on working from home permanently. The world that COVID-19 leaves behind will be one of more distributed workforces and increasingly digitalised operations.
However, this has presented a problem for many enterprise security teams. They have found the number of endpoints with access to their system doubling, as more people use personal devices for work-related activities; employees logging on using unsecured networks and devices; increased network load; all present an increasingly difficult challenge for enterprise security teams.
This is where Netskope comes in. “The crisis has been a great opportunity for Netskope to help our customers make a very rapid transition toward remote work. Obviously we’re helping them better understand and protect their data, but our platform also brings zero-trust capabilities to the table, which has been a technology that has really increased in prominence over the past six months. We’ve been a player in that space for quite some time and can provide very flexible and adaptable zero-trust capabilities to our customers. It’s been great to be able to help them respond to their needs in such a short space of time,” says Fairman.
The future for Netskope
Fairman notes that his arrival, along with the recent completion of the NewEdge launch, has put Netskope in a position to explore new directions and possibilities for their offerings. “We’re shifting our focus towards rounding out our data loss prevention (DLP) capabilities, as well as exploring new capabilities outside of web and cloud,” says Fairman.
The company is also looking to further embrace artificial intelligence and machine learning, which Fairman sees as critical to the future of an industry in the grip of a historic skills shortage. “Every security function and every security team needs to be focusing on two key metrics: time-to-detect and time-to-contain. The more that you need to throw a person at those problems, the longer the process takes. Using AI and ML to tackle those problems at machine-speed, will help organisations reduce those times dramatically,” he explains.
“The more we can automate that detection process, the more we can redirect human resources towards the modelling of AI and ML, teaching those models to work better and faster. There’s a skills shortage in cybersecurity, so the industry needs to use its workforces in a smarter, more effective way to support greater automation, which is where we’ll see AI and ML come to fruition and start to create compounded benefits.”
As Netskope moves towards 2021, the company is still doggedly pursuing its principal goal: to set the standard for the SASE cloud-based cybersecurity industry. “We are the epitome of SASE. As we continue into 2021, you’ll see our SASE journey continue to evolve as we work to become the dominant SASE player in the market.” says Fairman.
