    Netskope One DSPM 6.0 release notes

    Major New Features

    New Data Collection Architecture

    The Netskope One DSPM application requires seamless connectivity to scan your data stores, which is problematic for some customers who are unwilling to open inbound access to their internal networks. To overcome this, Netskope One DSPM now provides a new collection architecture that enables discovery & classification activities while satisfying your networking security requirements.

    This architecture consists of sidecar collectors deployed within your virtual private networks. These outposts sit alongside your data stores and not in the path of your queries, so performance is not impacted. In addition, the actual data pushed outside of your network is reduced to just the critical metadata needed by the Netskope One DSPM application. This combination allows you to manage insights & take action for all data stores, regardless of your networking environments & cloud infrastructure providers.

    Role-Based Access Controls (RBAC)

    With Netskope One DSPM's new granular Role-Based Access Controls, you can now onboard your Security, Data, Compliance and other Teams with the appropriate assignment of Netskope One DSPM permissions.  

    Roles define which data sets are accessible by assigned users, along with permissions for the application's create, read, update, and/or delete activities. Multiple roles can be assigned to any platform user, whether they are SSO or locally-defined, and users can switch between roles to gain the appropriate focus & data visibility.  Several new built-in roles are available, but you can also create custom roles based on your organization and user needs.  

    Additionally, we have improved our existing Data Owner functionality to provide the flexibility necessary to support different Data Owner responsibilities within each organization.  In conjunction with RBAC permissions, any Netskope One DSPM Platform user can be designated as Data Owner of one or more data sets.  Assigned Data Owners appear within Netskope One DSPM views like our Data Catalog, and they can be alerted when policies are triggered against their owned data sets.

    Risk Summary Dashboard

    Knowing the risks around your data is critical for every organization, so that guardrails are in place to reduce the attack surface in the event of an exposure or breach. Netskope One DSPM now offers a single consolidated view which summarizes all risks related to data stores & data identified by the application, which can be used to prioritize and focus your data security and privacy efforts.

    The Risk Summary Dashboard provides the following risk assessments and insights:

    • For data stores discovered but not connected/governed by Netskope One DSPM
      • Misconfigured (Not Encrypted, Not Backed-up or Publicly Accessible)
    • For data stores that are connected/governed by Netskope One DSPM
      • Amount of sensitive data and sensitive records
      • Misconfiguration Risk incurred by incorrect or suboptimal data store security configuration (Not Encrypted, Not Backed-up or Publicly Accessible) that leaves sensitive data vulnerable
      • Insights on amount of sensitive data that might be exposed due to misconfiguration
      • Which data stores are over-privileged based on aggregated risk score assigned to said data stores containing sensitive information and/or multiple stale-privileged users
      • Which users are over-privileged, based on the maximum risk score assigned to a stale user of multiple data stores containing sensitive information
      • Which users are risky, based on an aggregate user score derived from their Sensitive Data Access, Stale Privilege and behavior risks across all data stores. Our existing User Risk Calculation now combines user behavior risk with new insights from our latest object-level privilege analysis features.
      • Insights into users with access to sensitive data such as highlighting ghost users (those not linked to Real Employees), inactive employees, etc.
      • Data-In-Use Risks generated by Data-In-Use Policy violations — Exfiltration, Privacy and Data Modification Policy Types
      • Highlight volume of data in scope for regulatory compliance

    You can drill down on each of the widgets to get more details around a particular risk: data store, data or user.

    Mass-Onboarding GCP Projects via Organizations

    Netskope One DSPM now supports the option for onboarding GCP Projects by supplying details of their GCP Organization. This information is used to automatically discover and onboard all member projects within the organization. This allows for single-click onboarding of your entire GCP infrastructure, for both current and future member projects, leading to swift data store discovery & early configuration analysis.

    Snowflake Tag Ingestion

    To increase the value of your Snowflake investment, Netskope One DSPM now provides a native integration which ingests your Snowflake tags and manages them alongside custom Data Tags within your Netskope One DSPM application. This includes bringing across any object-level tag assignments on Snowflake schemas, tables, and fields.

    Netskope One DSPM’s built-in classification logic will further analyze your ingested Snowflake data & user activity, then automatically apply additional context only available via Netskope One DSPM. This includes assigning additional Data Tags, Sensitive Data Types, and Sensitivity Levels. This combined metadata can be used to trigger Netskope One DSPM policies which enforce your business policies & compliance needs.

    Improvements

    New Built-In Classifiers

    Netskope One DSPM's classification engine has been enhanced with a list of new built-in sensitive data type classifiers.

    Sensitive Data Type                    Sensitivity Level   Classifier Category   Data Tags
    International Passport Number          High                Direct                PII, GDPR
    International Banking Account Number   Medium              Financial             PCI
    Gender                                 Medium              Indirect              PII, GDPR, HIPPA-PI

    Deprecating Employee Whitelist

    The Employee Tag “Whitelist” has been replaced by “Allowlist”. In addition, tagging an Employee as “Allowlist” will no longer have any impact on risk calculations or policy conditions.
