carloscastilla - Fotolia

Netskope awarded patent for cloud visibility, governance

Netskope earned a patent for its CASB services delivery method, which intelligently "steers" enterprise traffic to cloud apps and applies security controls to those apps.

Cloud access security broker Netskope obtained a patent that covers the company's ability to "steer" enterprise traffic to cloud applications and provide real-time cloud visibility and policy controls for those apps.

Titled "Security for network delivered services," U.S. Patent 9,270,765 describes a method for securely accessing "a hosted service" on client devices. "The client devices include client software that uses a remotely delivered policy to redirect network requests for hosted services to a server to enforce visibility, policy and data security for network delivered services," the patent reads.

Netskope's CASB offering provides customers with real-time cloud visibility, security controls, policy enforcement and data loss prevention around approved cloud apps as well as "shadow cloud" services within enterprises. "Customers have been asking the question: how do you govern cloud apps, whether they're sanctioned or un-sanctioned, with real-time visibility and security policies?" said Netskope CEO Sanjay Beri. "That's what this patent is about. One of the key things about Netskope's architecture is the ability to manage both cloud apps that are sanctioned by the IT department and unsanctioned."

Netskope achieves this by employing a "traffic steering" method that sends connections from an enterprise to various cloud apps, either through a public or private network, to Netskope's policy enforcement control point. The traffic steering approach, which is covered by the patent, works both for users working on-premises as well as remote users accessing cloud services via mobile browsers, native mobile apps and synchronization apps.

Doug Cahill, senior analyst of cybersecurity at Enterprise Strategy Group, said Netskope's method of directing traffic is ultimately what distinguishes its CASB platform from other network security services. "This goes beyond what a proxy or a VPN can do," Cahill said. "What's unique is Netskope's ability to intelligently steer the traffic and apply specific policies as it gets steered."

What's unique is Netskope's ability to intelligently steer the traffic and apply specific policies as it gets steered.
Doug CahillEnterprise Strategy Group

Beri said Netskope's approach also frees up customers from having to route traffic to cloud apps back to their corporate network, which could interrupt or degrade performance of the apps. "If you're a remote user working with a cloud app, your company will usually bring your traffic to a cloud app back to the corporate network, which defeats the purpose of having something that's fast and easy to use," Beri said. "In many ways you can enhance the performance of cloud apps by allowing them to be completely untethered from the corporate network and yet still be governed."

Cahill said the patent solidifies Netskope's position as a top-tier player in the cloud access security broker market, which has become highly competitive in the last year. Skyhigh Networks last fall obtained a patent for its reverse proxy method of delivering CASB services to enterprises, but Cahill said he's skeptical if other vendors will be able to follow the steps of Netskope and Skyhigh and obtain key patents regarding CASB models.

"I think, given the interest in the market, there are probably a lot of patent applications that have been filed around CASBs," Cahill said. "But I'm not sure how much white space there is left for CASBs to differentiate themselves and be able to patent an approach."

Next Steps

Find out what CISOs say about cloud access security brokers

Read more on how the CASB market is growing and maturing

Discover the best ways to evaluate cloud access security brokers

Dig Deeper on Cloud Computing Software as a Service (SaaS) Security