What is our primary use case?
For now, we are scanning all the HTTP traffic with the cloud-based solution, the cloud broker solution. We are using it as a network proxy. It will detect all the data you are using. Let's say you go to Google Drive to try to upload something. In our case, we are putting up some rules or restrictions so that you can't upload PDFs or Word files, or maybe you can add Word files with limitations, like without any personal information, including name, pin number, date of birth. It's more like we are controlling the PII, the personal information with the solution, so that we restrict users from uploading whatever they want on the internet.
The solution itself is good because it categorizes many websites on its own, like the website or solution you trust. For instance, Yahoo is a good website. You can let your employees use Yahoo, but let's say a website like yandex.com is a little bit fishy, so they will put it into a category like server content. We can put in rules according to this. We can only allow the website with Netskope first.
We have to pay extra for some of those features, but we can connect our infrastructure like GCB. We can connect our instance via API so that Netskope itself scans whatever in our GCB storage or Azure Block storage. If someone is storing PII information, it can declare some alerts or restrict access to that particular file. It's mostly for this kind of solution, but there are many other things that you can do with the solution.
We have more than 30,000 workstations. The client version is 90, but we are using 87. Every three or four months, we do an installation for all the clients and workstations. That's maybe why we are not on the latest client version, but it works fine. There haven't been any problems with that. They launch one new version every month.
Normally on your side, you don't need anything. You only need to install the client on your workstation. After that, it's up to you. If you have everything already on cloud, like if you are using Azure AD, you can connect your Azure-ready account with their account for the same purposes and upload all the data of your users so that their solutions know about your environment. If you are not using cloud, you can provide an Excel list of all your users so they can register those users so you aren't paying more than you are consuming. You can install the agents on 1,000 PCs, but they are only working with the users and environment they are deployed on.
If I have 500 users and install on 1,000 PCs, I'm only paying for 500 users because now they work from home. Everyone has one Mac, one Windows device, or maybe one Linux device, but they are using the same username with the organization. We are paying the license for one user, even if we are using the client on multiple devices. The working environment is not a big mess. If you're on hybrid or 100% cloud based, or even if you are 100% in-house in your data center, you can go with the solution. There aren't any limitations.
How has it helped my organization?
If you implement the solution, it will give you visibility. If you have 1,000 or 50,000 people working in your environment, you don't know what solutions people are using. Personally, I'm using OneNote and Microsoft Office, but someone might be using a text file or third party software, or using a browser extension just to take notes.
We don't know how much we can trust third party applications. The product itself provides visibility to us. When we started back in 2019, we activated the solution for everyone, but this is not the best way for 30,000 users in one shot because we started blocking people and the work environment because people were using their own solutions and software. Netskope doesn't know those softwares so we have to integrate with them and with the third party, for which we are paying the license. Netskope says, "Okay, this is the server. We are blocking the server," but we don't know if we can trust this one or not.
After talking with the other teams, we realized, "No, we are paying the license for it. This is legit, so we don't have to block it."
When we started deployment, each month we deployed the traffic for 1,000 people. When it was done, we could see what they were using, consuming, and what we were blocking.
This way, we can change our policies. We try to allow the legit solutions and third party applications that we are paying the license for. Then we go to the next thousand. Then we discover what these people are doing and the applications they're using. When people tell us that they don't have access to their Gmail, we tell them that we cut out Gmail because we are only using the Microsoft services, so there is no Gmail, unless there is a reason for it.
Netskope provides visibility in our case for the deployment.
What is most valuable?
In Azure, we have multiple subscriptions and with every subscription, we add some kind of instance ID. We can work with the instance ID so that we allow all of the instances containing nodules. Everything else, we block. This way, if you go to outlook.com and check your email, if you log in with your company account, the instance ID will show. The network will take action according to the instance ID and say, "You are using the enterprise email. I'll let you surf. I'll let you see your email." But when you try to log in with your own email address, like Hotmail or Gmail, the instance ID will be different.
This way we are not completely blocking Outlook, but we are blocking people from accessing their Outlook. We are only allowing the enterprise-level emails, and we are not allowing user-based emails. That's the feature I love most.
What needs improvement?
Third party integration with other cloud applications could be improved. Sometimes the API won't be working, but Netskope is taking it seriously. They accept all the feature requests, and they are trying to provide whatever we ask from them.
What we are consuming right now is almost perfect. This is a cloud-based application, not in-house, so we can't change the interface. But for UI, sometimes we ask them to give us some more visualization and features.
For instance, if you are uploading a dictionary and use that dictionary file containing anything from the dictionary blockage protection, we can't see it. Each time we have to upload a new one and override the old one. We can't visualize it, so we have asked them for a feature request and they're working on it.
There are many small things regarding feature requests that we are doing day to day, and they are working on it. Some of the features are there, but they are hard to find.
The only thing we are looking for now is integration with the MacBook. Even with a MacBook, everything is going well. With a MacBook, the Catalina client is working fine. The new version, which releases monthly, is working fine. The only problem we are facing is with the big server, so they're working on it.
For how long have I used the solution?
I have been using Netskope CASB for a year and a half. The solution auto updates. This is a test solution, so all we have to do on our side is upgrade the client version on workstations.
What do I think about the stability of the solution?
There haven't been any major issues. We had one issue on their backend, but they provided a solution very quickly. In about three hours, they moved us to another data center. This is normal. This was a major incident on their side because when traffic starts moving on their data center, they start scanning everything and it goes to their data center. If their data center goes down or there is limited bandwidth on their side, this can impact your organization. This happened once. We communicated with them and within three hours, they switched us to another data center. Everything was smooth and started working fine, but these kinds of things happen.
What do I think about the scalability of the solution?
The solution is scalable. There haven't been any issues according to performance. On their side, scalability is good because it's a test solution. I can't tell you more about the scalability because it's mostly on their side. From our side, everything is more than fine because we are consuming their services.
We are currently paying for 30,000 users, or 30,000 workstations.
Right now, for all 30,000 users, we chose maybe 60 or 70 cloud applications. We are only streaming those applications. We have already deployed 5,000 users to all web traffic. This means we are streaming everything they are surfing. For the other 25,000 users, we are only scaling the traffic of 60 or 70 applications. This is how we are consuming more of the licenses.
Netskope takes control of maintenance. They send you an email about what is going on, and they will let you know that maintenance is occurring on Sandhill server for instance, or somewhere else. They give you brief downtime, but if there isn't any downtime, they connect you to another data center.
The incident that occurred was regarding the bandwidth on their side. They were lacking some bandwidth with their vendor. There hasn't been any downtime yet, and we have been using the solution for a year and a half.
Our organization pushed us to deploy the solution as soon as possible. They were ready to pay the license because there was an architect who did a comparison between two or three CASB solutions, and he chose Netskope. When we deployed, everyone was like, "We are blocking the work." So we had to limit it and start with a chunk of users.
The only thing they are working on is integration with Mac. On the MacBook, the client horizon is not stable. Sometimes it goes down without any warning, but they are working on it.
How are customer service and support?
Technical support is good. Normally when creating a ticket on their side, the response is between one or two business days, but we are paying premium support. In premium support, we have 24/7 support from their engineers. If we have trouble with something, we can just say, "Okay, we need you to call a third party with maybe a higher level of execution." They are ready to be there, but it comes with premium support.
We had basic support. Response time is one business day, but it depends on your ticket. If you have critical severity, they will respond right away. With the premium, 24/7 support, everything is good. Their technical department is taking care of us. They are there for us every time we need them.
Which solution did I use previously and why did I switch?
We haven't used any other solutions previously. This is the first CASB solution we are using at the enterprise. The Microsoft team is using MCAL, which might be similar to this solution but isn't providing all the aspects of it like PII and the third party vendor. Its controls are limited to Microsoft. I'm not sure if we are still paying the license for MCAL or not. If you compare Netskope with MCAL, Netskope also allows you to manage, whereas MCAL is just for Microsoft services.
How was the initial setup?
It seems to be straightforward because we are using it with Azure AD. We already had all of our groups and users there, so we just added the Netskope application in our Azure AD, and it started gathering all the information and sending it to their databases. It seems pretty easy just for the load.
What other advice do I have?
I would rate this solution 9 out of 10.
My advice is to just go for it. In an organization of 30,000 people, you can't just deploy one product and start deploying another product and say, "Okay, we are replacing the solution with this one," because the company has already invested millions of dollars in this.
I like the way Netskope treats its customers. Whenever you need help, they are there. They will 100% help you. They will explain everything to you. We have a meeting with our technical assistant manager every week, and he shows us different things we can do with the roadmaps, different features we can use, and what kind of policy we can put in place to lower our false positive rates. It's very helpful.
Which deployment model are you using for this solution?
Public Cloud
*Disclosure: I am a real user, and this review is based on my own experience and opinions.
