When the new CIO joined this large Global Professional Services Firm, it wasn’t immediately clear to him what he had inherited. A regular onboarding of acquisitions without a clear digital strategy meant the company’s technology estate was inconsistent and the IT team had been struggling to keep up with business demands.
HOW TO IMPROVE VISIBILITY FOR A CIRCUMNAVIGATED DEPARTMENT OF ‘NO’?
The customer explains; “There was a staggering backlog of project requests in our queue, so one of the first things I had to do was establish whether the projects were still planned. Through that discovery process I realised that business IT projects were progressing without the involvement of the IT team, because the delays were unworkable. IT had a reputation as the ‘department of no’ and people had simply stopped asking for support and were fixing things their own way. The security implications were huge.
The situation with managed IT wasn’t much better, with the organisation trying to fit public cloud usage through on-premise security appliances.
“Early on in the role I made a trip abroad for work, and was trying to use Office365. Our on-premise firewall meant my data was yo-yoing backwards and forwards across the Atlantic numerous times. It was so slow it was almost unusable. And it wasn’t just my location that was the problem; remote workers in the UK were experiencing similar problems as our network was tromboning traffic backwards and forwards between security infrastructure, user and cloud service provider.”
“It made no sense for our security infrastructure – such as Secure Web Gateway and VPN – to be on-premise, when the data and applications no longer were. We needed to architect our security around our cloud-first strategy which meant moving security to the edge with SSE.”
Chief Information Officer, Global Professional Services Firm
STOPPING SAYING NO, WITH THE VISIBILITY TO DETERMINE ‘WHY?’
The CIO brought Netskope in to quickly help establish visibility into exactly what the business was using. Netskope’s CASB cloud assessment identified 2,450 unmanaged cloud apps in use across the business. The customer explains;
“The number was shocking, but shadow IT isn’t intrinsically bad. People bring in unmanaged applications either because they have a business need that is not being met, or because they simply don’t know about the functionality of the managed applications available to them.”
The former case is often driven by partner and client requests — if a client wants to share their documentation over Box, then the IT team firmly believe that the organisation needs to enable that. The firm is using Netskope to allow a granular permissions policy, as the customer explains;
“It’s important that we support a client’s preference to use Box, or another such collaboration or storage tool, but we need to do it in a way that conforms to our own security policy. With Netskope we can allow teams to access and read documents from cloud applications, without allowing them to write, or download without malware checks, or whatever policy we determine is appropriate.”
For the latter situation, where employees are finding their own solutions, unaware that the managed application suite can help, the organisation uses Netskope for user coaching. Rather than blocking access to the service, Netskope can deliver a pop-up alert, helping the user choose a more secure application or demonstrate more secure behaviours.
“We need to enable employees to do their jobs, and that means finding ways to ensure our security policies improve the user experience rather than placing limitations and hurdles in their way.”
Chief Information Officer, Global Professional Services Firm
DATA-CENTRIC SECURITY IS READY FOR ANYTHING
With web and SaaS under control, the next task was to assess remote access security for private applications, replacing a legacy on-premise VPN, and Netskope was the logical choice.
The organisation is now using Netskope’s Security Service Edge (SSE) Private Access Enterprise package, including next-generation Secure Web Gateway (NG-SWG), web filtering, advanced threat protection (ATP), advanced UEBA, advanced DLP, Cloud Firewall, Advanced Analytics and NPA for Zero Trust Network Access (ZTNA). The CIO explains what the package does for them;
“With Netskope, our security protects the data, wherever it goes. IT teams are losing control over the apps, the networks, the data centre… even the workforce is changing with new partnership models and collaboration… so data becomes the critical focus. If we secure the data, then we don’t have to worry about the location of the user, the application choice, the network or device, because the data carries the policies.”
The Netskope implementation was up and running before March 23, 2020, a date that sticks in the mind of many UK CIOs because it was the day that the UK Government mandated office closures due to the Covid pandemic. Like everyone else, the firm’s workforce picked up their laptops and headed home.
Customer; “I was fairly confident, because in theory we had built an architecture that wouldn’t flinch over the mass movement of the workforce, but thousands of workers turning to remote access overnight made me slightly uneasy. The security should be identical — but what would the experience be like? I can honestly say we had no issues. Three weeks into the lockdown, my Chief Risk Officer stopped worrying about IT and started talking about cashflow, and that’s when I knew we were fine.”
