Enterprises find much to like about cloud-based software applications, including lower cost, ease of deployment and added flexibility. On the other side of the coin, however, they remain concerned about cloud security and cloud-related difficulties in complying with regulatory requirements like Sarbanes-Oxley (SOX). These concerns are compounded when business units procure their own cloud apps without input from IT.
Netskope, a startup founded in 2012 and headquartered in Los Altos, Calif., has created a platform that it promises will help companies keep better tabs on cloud app usage and manage apps for better security and compliance with internal policies and regulations like SOX.
The platform detects all cloud apps – officially sanctioned or not and running on-premises or remotely – on any PC or device on a company network. It reveals which apps are being used and by whom, as well as specific actions that are being performed such as "download" or "share." It also shows where and with whom content is shared.
Investment companies see promise in this approach, as evidenced by $21 million in funding that Netskope received from The Social+Capital Partnership and Lightspeed Venture Partners.
"Cloud apps are the inevitable future because they let people go fast and work flexibly. Up until now, IT couldn’t embrace cloud apps because they couldn’t see what apps were running, what people were doing in them, or enforce policies," said Sanjay Beri, Netskope's CEO. "We created Netskope to eliminate the catch-22 between being agile and being secure."
A key advantage of the platform, said Adrian Sanabria, a 451 Group senior analyst, is that it allows companies to "normalize" cloud actions. "If 'file upload' is restricted for a user, it applies equally to file upload features in Dropbox, Yammer, or Office365, despite the functional difference of these cloud services," he explained.
Netskope also provides a Cloud Confidence Index, a database of more than 2,600 cloud apps that have been assessed on 30 objective criteria across security, auditability and disaster recovery to determine their enterprise readiness. The database can help IT identify risky behavior in their application environments and determine which applications they might want to standardize on.
Rajneesh Chopra, VP of Product Management at Netskope, writes in a blog post: "IT can research apps in their environments using our Cloud Confidence Index, compare these apps to alternatives that may be better-suited to the enterprise’s criteria, and either validate an existing decision or have the data to recommend an alternative. They can explore patterns of usage of apps and then hone into an app category or specific app, or end users and the specific activities they performed with these apps, location of such access, the device used for accessing the app, and so on. The user can pivot the entire dataset to parameters that they deem most appropriate."
The company also plans to produce a quarterly report based on aggregated, anonymized data from Netskope customers, among other information. According to its first report, top-scoring apps are far more likely than other apps to have audit logging, data center certifications and device restrictions. The biggest shortcomings of low-ranked apps include failure to encrypt data at rest and failure to enforce complex passwords.