Organizations have recognized that they must adapt their existing apps to mobile devices, and create applications for the employees and/or customers. As workers demand more effective tools to do their jobs, it’s inevitable more cloud apps will be introduced to the enterprise without IT’s knowledge.  This results in added security and data loss threats across the organisation that ever before, as up to 88% of apps released in the market are not enterprise ready.

Cloud Access Security Broker (CASB) is a new market category that addresses these issues. Cloud-adopting organizations of all sizes and industries are adopting CASBs. Gartner has placed the category as number one atop its information security priorities, emphasizing that “the time is now” for organizations to get their cloud security strategies ironed out at its recent Security and Risk Management Summit.


Netskope™, the leading cloud access security broker (CASB), helps enterprises find, understand and secure sanctioned and unsanctioned cloud apps. Through contextual awareness and a multi-mode architecture, Netskope sees the cloud differently. This results in the deepest visibility and control, the most advanced threat protection and data loss prevention and an unmatched breadth of security policies and workflows. The world’s largest companies choose Netskope, the only CASB that ensures compliant use of cloud apps in real-time, whether accessed on the corporate network, remotely or from a mobile device. With Netskope, enterprises move fast, with confidence.

While there are a handful of CASB vendors in the market, only one is built from the ground-up to give you three must-have requirements for successful cloud security: Noise-cancelling cloud data loss prevention (DLP), surgical visibility and control of sanctioned and unsanctioned apps, and a future-proof architecture.


1. Noise-cancelling DLP

  • has the most advanced cloud DLP in the market
  • enables IT to use context such as user, group, location, device, activity, and more to reduce the surface area of potential DLP violations, which further increases detection accuracy and efficiency.
  • offer critical DLP workflows such as content quarantine, legal hold, automatic elimination of public access to sensitive content, and event visualization in corporate SIEM systems, which enable IT to remediate and report on violations.
  • integration with on-premises DLP and incident management systems, performing a first pass of sensitive content discovery in the cloud for efficiency, and then funneling suspected violations to organizations’ highly-tuned DLP solutions via secure ICAP.

2: Surgical visibility and control for sanctioned and unsanctioned apps

Netskope provides surgical, or fine-grained, visibility and control for both sanctioned and unsanctioned apps. For sanctioned apps, only Netskope provides full-spectrum governance across access, activities, and data. This includes the ability to see all app activities, their surrounding context, and any anomalous usage in sanctioned apps and their ecosystems. It also means organizations can use device classification to enforce granular access policies - with or without an agent (e.g., “Offer full suite access to users on corporate-issued devices, but webmail only to those on BYOD”).

  • enables organizations to govern activities in sanctioned apps and their ecosystems
  • discovers and protects sensitive data at rest within sanctioned apps, as well as en route to or from those apps and their ecosystems.
  • enforce granular, contextual administrative privileges, enabling organizations to support a “least privilege” security model.

For unsanctioned apps

  • provides visibility and control at the app, category, or globally. This includes the ability to see all cloud activities and their surrounding context, and pivot on any factor to see “Who shared data outside of the company from any app?” or “Did anyone from a remote Customer
  • can enforce access, activity, and data policies in a set-it-once way across an app or category, including on native clients on laptops, tablets, and smartphones, whether users are on-premises or remote, and even based on device classification.
  • enables contextual policies like “No sharing outside of the company,” “No download of PII to a mobile device,” and “No access to CRM if you’re outside of the country,” which let IT mitigate risk without breaking business process.
  • coach users with automated messages that provide insight into the policy violation, redirect them to an alternative app if needed, and allow them to enter a business justification or report a false positive.

Whether across sanctioned or unsanctioned apps, only Netskope provides this level of visibility and control whether the user is in a web-based app, on native clients on laptops, tablets, and smartphones, and onpremises or remote.

Future-proof architecture

Organizations need to address their cloud security needs today and in the future.


Organizations may start with one safe cloud enablement use case today, but their needs will grow. They need a variety of deployment options and a scalable way to add additional apps to their visibility and control matrix so they can future-proof their investment.


Unlike other vendors whose product capabilities are dependent on their deployment architecture, Netskope’s core product engine is abstracted from the way the solution is deployed. We are the only vendor with customers in production across every deployment architecture offered in the market today, including log-based discovery, introspection, inline as a reverse proxy, inline as a forward proxy, inline with or without agents or mobile profiles, in secure TAP mode, in proxy-chaining mode, and even as a secure, on-premises appliance.


Furthermore, Netskope’s modular data plane abstracts our analytics and policy enforcement engine from our support for cloud apps. This means that we can add new apps and facilitate additional deployment options now and in the future.

Additional information