Major New Features
AWS Organization-Based Onboarding
Netskope One DSPM now supports AWS Organization-based onboarding. You can connect to and scan across different organizational units (OUs) and multiple AWS accounts nested within an AWS organization. Once connected to an AWS organization, Netskope One DSPM can automatically discover new accounts and data stores within the organization hierarchy. This capability gives Netskope One DSPM visibility into many AWS accounts simultaneously, enabling our customers to better utilize their AWS Organization structure. AWS Organization-based onboarding also speeds up the auto-discovery of all AWS data stores to help monitor data sprawl and improve data governance for your organization.
Saved Views for Classification Management
On the Classification Management page, you can now save views. Adjust filters, columns, and sorting, then save your view. Each saved view appears as an additional tab to the right of the Default View. You can also adjust your preferred view, which will appear on this screen anytime you return to it. Views apply on a per-user basis only, and no user will see another user's saved views.
New Built-in Data Access Policy for Un-linked Username (Ghost User) Detection
Netskope One DSPM now offers a built-in policy to detect database usernames that have access to sensitive data but are not linked to any employee (a.k.a. ghost usernames). This provides stronger access controls for your organization's sensitive data. You can enable this policy from the Policy Management page, after which it begins triggering alerts for all connected data stores.
Publishing Activity Logs to S3
Activity logs from Administration → Activity Logs can now be pushed to your organization's instance of S3 within AWS. All system activity and user activity is stored as .json objects with standard formatting. All information shown in your Netskope One DSPM activity log will appear in your S3 instance going forward. This can only be enabled via a direct request to our engineering team.
Improvements and Updates
Sensitive Record Count Updates
Sensitive records, viewable from the Risks Dashboard and Data Store Inventory, now represent the number of sensitive rows within connected data stores. Before 6.3, this number represented the number of sensitive cells. So, if a table has at least one sensitive field, each row in that table is counted as a sensitive record, and these counts are aggregated to give the total sensitive record count for the data store. See the example below.
Policy Retrospective UI Updates
Retrospective policy testing is now completely optional within the policy editor. You can bypass this step when it takes more than 30 seconds to produce accurate results. A TEST POLICY button is available if you wish to run the simulation; otherwise, the results will be logged as Alerts/Tasks on the next data store scan.
User Information on Classification Management Page
Netskope One DSPM now displays the count of users with access to each field on the Classification Management page. Clicking on this number displays additional user information to help analyze access control.