Lab 1c: Use Netskope to Research a Service (10min)

Unlike SkopeIT, CCI provides information about any apps in the cloud whether they are in use in your organization or not.

Step 1 Using the navigation menu on the left, select the "CCI".

CCI is like a big encyclopedia of cloud apps.

Step 2 In the main search bar, search for the application "Zippyshare". It should return a single result.

Step 3 Click on "Zippyshare" tile to drill down into the application itself. Here you will see an overview of the cloud application based on the results of our CCI.

Let's be curious a little bit, and read inside different tiles to find:

  1. Does it have a great GDPR readiness score?
  2. What are the domains associated with this app?
  3. What are the potential user activites inside this app?

Step 4 Scroll down to the "categories" section in order to see criterias that Netskope uses to evaluate each application (based on the Cloud Security Alliance Cloud Control Matrix).

  1. What compliance certifications does this app have? HIPAA? PCI?
  2. Who owns the uploaded data?
  3. Do they support MFA or SSO ?
  4. Do they support IP-range fitering ?

NOTE It can be a little bit misleading sometimes. Details/answers to consider for each criteria are the ones starting by this little dot and followed by a bolt word/item

Step 5 Now that we've walked through one application, familiarize yourself with a few more by searching for and reviewing the following cloud applications:

  • Dropbox
  • SmallPDF
  • Microsoft Office 365 OneDrive for Business

For each application, make sure to look at the granular list of activities that Netskope solution can detect.

REAL WORLD TIP You can use CCI in the opposite way. The options on the left-hand side of the CCI allow you to also filter out the view when CISO are looking to buy a safer app for a specific need.

REVIEW QUESTIONS

  1. How many risk levels are there for the CCL?
  2. What standard does Netskope use to evaluate and rate applications?
  3. True or False -- you can only search for applications by name?

Please let your instructor know that you have completed this lab.