The City of San Diego’s IT network consists of 24 different networks, has 40,000 endpoints, 11,000 employees, and integrates with 4,000 different third-party services, including the FBI, INTERPOL, Sheriff’s Department, Fire Department, surrounding municipalities, and more. As a port city and home to several military bases including Naval Base San Diego, the principal homeport of the Pacific Fleet, San Diego is a natural target for cybercrime. The city receives between 800,000 and 1 million threats per day. The city needed to understand cloud usage and risk of cloud services, manage costly bandwidth usage associated with large backups, and safely deploy sanctioned cloud services such as Office 365. They also needed to secure sensitive data and protect against cloud-based threats.

Oak Hill Advisors (OHA) is a leading independent investment firm that manages distressed funds, credit hedge funds, customized accounts, and other specialty credit funds. The firm has a strategic approach to the cloud, which gives them the flexibility and the right tools to compete in a fast-paced global marketplace. However, the security challenges associated with cloud services are different in scope and accountability compared to traditional data centers. OHA's team invests a lot of time in relationships with both end users and vendors. The firm needed a way to scale both the gap analysis and holes found in each app’s security.

The company underwent an internal security audit, where cloud security was identified as a gap. The company's primary concern was damage to its brand as a result of a potential data breach, resulting in the exposure of customer data. Another area of concern was global support and corporate users uploading sensitive data to the cloud. The support employees often interact with consumers and business guests by phone, and ask them for, and store information such as credit card and other personally identifiable or sensitive information during those conversations.

The company was facing a major challenge with uncontrolled use of cloud apps. As part of a major corporate cost-saving initiative, the company's IT organization was tasked with moving all non-revenue-producing initiatives to the cloud. This led them to sanction a handful of cloud apps, including the Office 365 suite. However, they discovered that they had more than 1,000 cloud apps in use, including over 100 alternatives to the Office 365 apps. The company needed to corral users to the corporate-sanctioned Office 365 suite and reduce the usage of alternatives.

The company was undergoing a corporate-wide roll-out of Office 365, with use cases identified for nearly every app in the suite, from storage to email to collaboration and productivity. It even planned to deploy Yammer to hourly employees so they could build community and share best practices across stores. When the lines of business championing the deployment engaged the security team to bless the project, the latter identified a number of access and data requirements that needed to be put in place before the company could adopt the suite for all of its users. Those requirements included admin privileges on a per app basis, differing levels of access based on whether the device was corporate-issued or BYOD, controls for sensitive data like PCI and PII, and anomaly detection.

The company had a mandate for IT to reduce spend and create a secure, efficient cloud strategy moving forward. As a company in the financial services industry, IT had to protect employee and customer data, case information, proprietary financial data, business plans, and more – all of which was being shared and used through cloud services. And with the recent standardization on Box, IT needed to coach all employees to using Box instead of unsecure cloud storage apps that weren’t enterprise-ready. Netskope helped IT identify all cloud storage apps in used and most of them were not enterprise-ready – leading to the initiative to coach all users over to Box.

The company, a global leader in high technology, had adopted Google Apps for Work organically, with employees using Google Drive, Hangout, Sites, Docs, Sheets, Slides, and Gmail for collaboration. As the usage of Google Apps grew within the company, IT sanctioned the suite and assumed responsibility for administering it. This raised concerns within the information security and audit organizations as there was an increasing amount of data being uploaded to the cloud with little to no visibility or oversight by IT. This was particularly concerning as users stored large amounts of sensitive data in Google Drive, including product details, roadmaps, intellectual property, strategic plans, non-public financials, and other proprietary and confidential information. The IT organization sought a solution to help them discover and control sensitive data across the suite.

MaRS Discovery District in Toronto, one of the world's largest urban innovation hubs, was facing a challenge with the protection of sensitive content in the cloud. The organization provides mentoring and advice to hundreds of businesses in Ontario, which involves storing and sharing sensitive or confidential business data like financials, pitch decks, and patent filings in the cloud. The challenge was to restrict access to certain files to ensure that confidential business data did not fall into the wrong hands. Furthermore, MaRS discovered that employees were using nearly every available cloud storage app across different business units, which posed a risk to data security.

The multinational hotel group, a long-time Google Apps customer, underwent an internal security audit. The audit highlighted the cloud as an area where there was very little visibility, particularly concerning PCI. The company's customer support operations and corporate employees often interact with consumers and business guests, taking customer information such as credit card and other personally-identifiable or sensitive information during those conversations. Furthermore, the corporate employees have access to a tremendous amount of valuable content such as booking information, customer lists, partner contracts, corporate plans, M&A documents, non-public financials, and more. The organization needed to discover where that content is, understand what it is, and ensure that it has proper protections around it.

The high-tech manufacturing company was undergoing a shift from discouraging the use of cloud apps to enabling it. As part of this process, Google Apps for Work was shortlisted for sanctioning since a large part of the company was already using it, particularly Google Drive for storage and collaboration. However, IT needed the ability to protect sensitive content that was being moved into Google Drive. They wanted to monitor what is there, understand how it is being used and shared, and take action only if users are engaging in risky behavior. They also needed to report to the company’s executive management, board of directors, and audit committee about cloud usage and risk. Additionally, IT wanted to identify and monitor activity in unsanctioned apps that may be redundant with the sanctioned list, and use those findings to consolidate usage onto the sanctioned apps, including Google Apps for Work.

The company is transitioning its IT focus and spend to the cloud for greater flexibility and business agility. Part of this transition includes a cloud storage and collaboration strategy based on Box, which will ultimately support more than 180,000 users. As the company transitioned to Box, IT needed a way to prevent personal health information (PHI) from being uploaded into Box and in general, to police content to have visibility and create audit trails for data. Protecting patient privacy and data is a core tenet for the company and so the goal was to enable employees while still staying secure and compliant. Part of the difficulty was also implementing this across any app or device for employees in real-time.

Waubonsee Community College was faced with the challenge of ensuring data security as they transitioned to a hybrid learning model due to the COVID-19 pandemic. This meant that students and faculty were accessing and storing data remotely, increasing the risk of data loss and exposure. The college's IT team needed to be proactive in preventing data privacy infringements and data exfiltration, as well as other threats that might exploit vulnerabilities on user devices. They also needed an efficient and effective way to screen cloud apps for security risks and to ensure compliance with security policies.

CARE Ratings, one of the leading credit rating agencies in India, faced a challenge when its entire workforce shifted to remote work due to the COVID-19 pandemic. The company had little visibility into how employees were accessing cloud apps and browsing the internet from home. This lack of visibility raised concerns about network security and data loss. The IT team needed to reduce the risk of malware infection from unmanaged cloud apps and websites and prevent data movement into unmanaged apps. They also needed to prevent data downloads to personal devices from risky Microsoft 365 SaaS apps. Additionally, CARE Ratings wanted to improve the user experience when employees accessed key business applications on the private corporate network.

Dentsu Digital, the digital marketing arm of the Japanese advertising powerhouse Dentsu Group, was facing challenges in monitoring and managing cloud usage to ensure network security. The company wanted to establish a work environment where employees could safely use a wide variety of cloud services. However, the perimeter defense-type network environment, which was based on a zone defense that distinguishes between internal and external networks, had become a breeding ground for shadow IT and was preventing Dentsu from providing adequate services. To address this, Dentsu’s information systems team rebuilt the network based on the zero-trust concept. Then, it sought a cloud access service broker (CASB) solution to monitor the system’s usage and manage its safety.

Morisawa K.K., a pioneer in the Japanese phototypesetting machine industry, faced a challenge with its cloud services. Each department was making its own decisions about which cloud services were secure enough for business use, as there was no organization-wide standard. This led to concerns over the amount of risk exposure due to not having clear guidelines. The Information Systems team urgently needed to prepare a set of standards for which cloud services are acceptable or not. They were also concerned about the scalability of manually keeping an inventory of those cloud services. The team was also concerned with what criteria to use and who would decide whether or not a given cloud service would be considered enterprise-ready. Morisawa was aware that many cloud services lack the security capabilities to prevent unwanted data loss or deletion.

Zip Co Limited, a rapidly growing global fintech company, was facing challenges with its security management. The company was operating disparate security tools that were unable to scale to meet Zip’s global expansion. The overall technology environment was siloed, with Zip comprised of five different companies with varying infrastructure. Internal applications were exposed to the internet, a necessity to ensure global access but with increased risk. Previous solutions routed all traffic through the US, diminishing the end-user experience. Securing new AWS and Azure instances, many added during company acquisitions, was a time-consuming process.

The hospital faced two significant challenges related to its IT environment and use of cloud applications. The first was to prevent any authorized exfiltration of patient data without causing unnecessary friction, false positives, or security alerts that would slow down its fast-moving staff’s ability to collaborate. The second challenge was to prevent malware from entering the hospital network via a constellation of SaaS apps, both managed and unmanaged, both authorized and unauthorized. Making its Office 365 implementation secure was a big job already, further compounded by how many hospital team members were linking it to various other applications, including file transfer services such as Dropbox.

The national healthcare organization was faced with the challenge of protecting large amounts of personal health information (PHI) across multiple tenants of O365, addressing widespread use of cloud apps, and preventing the risks of Shadow IT and unauthorized web access. The organization's initial discovery process uncovered thousands of Shadow IT apps and a lack of security controls to govern them. This led into a deeper analysis of managed apps, including over 30 tenants of O365, plus the capability for users to securely use third-party O365 tenants. Existing web gateway security appliances lacked the capabilities to secure and govern managed apps and Shadow IT, let alone multiple tenants or instances of each app. Data movement within cloud apps was also included in the new cloud security strategy. As a large healthcare organization with hundreds of millions of rows of data, the solution required data protection for any user, device, or location.

The automotive company was facing a renewal of its on-premises web proxy appliance solution. However, the company had adopted a cloud-first strategy and realized that the existing on-premises solution would not meet its future requirements. The company was looking for a solution that would provide full visibility into their environment and strengthen their move toward cloud adoption. The company wanted to deliver IT services faster, reduce MPLS backhauling expenses and appliance maintenance fees, support remote workers with cloud edge security close to the user, add visibility into cloud applications to strengthen overall security, and consolidate cloud and web security into one platform, console, and policy engine.

Arrow Global Group PLC, a leading European credit and asset management business, needed a solution that would allow colleagues across multiple geographies to communicate and collaborate effectively. The company wanted to create a connected group with enhanced cohesion, which led to the requirement of a platform that would enable employees to forge better working relationships and unlock the full potential of the 'One Arrow' culture. After a detailed evaluation, Arrow selected Workplace by Facebook for its intuitive user interface, excellent mobile user experience, and familiar features and functionality. However, the company operates under a strict financial regulatory regime across all of its geographies, including regulatory and contractual obligations with regard to data protection. Therefore, additional security controls were required to make the platform suitable for Arrow Global.

Cloudrise, a small company offering cloud-focused advisory, technical consulting, and managed services, was facing challenges in manually checking cloud configurations for their own company and their customers. The company had limited visibility into what cloud apps were being used organization-wide and who was using them. The security team was manually checking cloud configurations as a part of their daily workflow, causing production lags. The need for a solution that could automatically scan data against DLP policies was critical.

Sainsbury’s, a leading UK retailer, faced several challenges in its tech security department. The company operates in a 'cloud first' environment, which is crucial for scalability during peak seasons. However, this approach led to incomplete visibility of cloud services, risk of sensitive data loss and non-compliance, restricted Data Loss Prevention (DLP) capabilities, exposure to threats, and lack of consistent policy enforcement. The company needed to ensure visibility across a complex web of cloud services used both internally and with partners. The Data Protection Officer role within Sainsbury’s Data Governance team relied on the insight and controls that the Security team owns. The company handles a lot of data, governed by a range of regulations, making strict adherence to best practice for data governance critical.

Evalueserve, a global provider of solutions and services for research, analytics, and data management, faced several challenges as it adopted a cloud-first architecture. The company had incomplete visibility, risk of sensitive data loss, non-compliance, and limited Data Loss Prevention (DLP) capabilities. As the usage of Office 365 increased across the organization, it became a priority to ensure corporate data was protected by implementing new and robust tools for security and compliance. The company needed to ensure that sensitive data was not being leaked in and out of Office 365 and other cloud services. Additionally, Evalueserve was concerned about cloud threats like malware and ransomware.

Stroock, a leading financial institution, was looking to enable cloud services like Microsoft Office 365 while ensuring sensitive data is protected. They were facing fragmented visibility and control across cloud and web, and there was a risk of sensitive data loss and noncompliance. The firm was also dealing with the complexity and added costs of deploying and managing separate and inconsistent Data Loss Prevention (DLP) policies to protect client data across web, cloud and networks. Their existing web proxy solution was not meeting the evolving requirements of their organization. With employees everywhere, users were going directly to the internet and bypassing their secure perimeter. Users were also accessing cloud services on personal and mobile devices, and, in addition to browsers, using native apps and sync clients. Their legacy web proxy tool was blind to most of this traffic.

Apria Healthcare, a leading provider of home respiratory services and certain medical equipment, wanted to embrace cloud technology across their organization to enable quick access and easy movement of personal and medical data by and to care providers, insurers, partners, and other affiliates. However, they faced challenges in leveraging the power of the cloud due to security and compliance concerns. They needed to ensure their patients’ personally identifiable information (PII) is protected. They also needed to integrate the cloud into everyday processes and architecture. The company had an IT security staff of 12 people, so they had to rely on partners to help augment their security.

Ather Energy, a company that designs, manufactures, and markets smart electric scooters and charging infrastructure, faced several challenges. They lacked visibility into their public cloud infrastructure use across the organization, which made it difficult to maintain continuous compliance. The risk of misconfigurations could lead to the exposure of sensitive data. Additionally, they lacked the skilled resources to manage multiple cloud infrastructure services. As Ather's business relies on multiple public clouds and cloud services, they needed a single view into their entire environment to speed resolution when issues arise, and to gain the insights they need to address potential problems before they have any impact.

AVX Corporation, a leading international manufacturer and supplier of advanced electronic components, was facing several challenges. The company needed visibility and control over data in Google G Suite. They also needed to discover ShadowIT cloud services in the environment, demonstrate compliance with GDPR, and inspect and control cloud traffic even when it originates from a mobile device. As usage of G Suite grew within the company, an increasing amount of data was uploaded, and IT had little to no visibility or control of the data in the cloud. This data included client contracts, employee and customer information, intellectual property, and other confidential records. Prompted by the revelation that they needed a clear picture of risk exposure, information security professional Zack Moody sought a solution to help them discover and gain control over sensitive data across G Suite and to meet growing compliance requirements, including GDPR.

Morgan Sindall Group plc, a leading UK construction and regeneration group, faced the challenge of embracing digital transformation while operating within tight regulations. The company had adopted new cloud application models, such as Microsoft 365, but was still using outdated on-premise appliances for security. This created issues such as network hairpinning, bandwidth problems, and delays. The company also needed to improve visibility and security control. The challenge was to find a solution that would not only address these issues but also support the company's move to cloud applications.

Adventist Health System, a healthcare network with 45 hospital campuses, was faced with the challenge of enforcing strict HIPAA compliance requirements to protect personal health information. During a large initiative to migrate all of their users from a legacy, on-premises Microsoft Exchange system to Exchange Online, they were presented with additional Office 365 opportunities and services in addition to email. One of the value-added services made available to users was OneDrive, which gave them cause to consider their security, compliance and risk, not just for Office 365, but for all cloud services. They lacked visibility into cloud service providers and needed additional security controls for the 70,000+ users who were migrated from on-premises Exchange to cloud-based Office 365.

Torrance Memorial Medical Center (Torrance Memorial) has been growing rapidly over the last five years, acquiring new business entities and expanding its physician network. This rapid growth resulted in network sprawl and a rapidly growing workforce. Both new and old employees at Torrance Memorial were using more and more cloud computing services. As a healthcare organization, Torrance Memorial is a highly regulated entity due to privacy and medical records concerns. Todd Felker, Torrance Memorial’s technical services manager, wanted to know exactly which services employees were using to ensure he could maintain high security and privacy standards. Felker also needed this information to put in place a cloud services security policy that was flexible enough to allow employees to use the tools they needed but granular enough to maintain rock-solid security and resource controls. He also had no easy way to rate the risk of the different cloud services. With an IT security staff of only one person, Felker did not have sufficient resources to perform regular diligence on the risks posed by cloud services.