Netskope has achieved FedRAMP High Authorisation for its Netskope GovCloud solution. The US Department of Veterans Affairs acted as a sponsor to help the company achieve the Authority to Operate. The application was assessed by the third-party assessor, Coalfire.
Dave Peranich, Netskope President, Go-to-Market, said, “Achieving FedRAMP High authorization for the Netskope GovCloud platform underscores Netskope’s continued dedication to helping secure the U.S. federal sector.
“It is a privilege for Netskope to have such a trusted sponsor and partner in the US Department of Veterans Affairs. As the leading vendor that can offer a comprehensive SSE solution on a single platform with FedRamp High authorization, we remain fully invested in ensuring our platform is the most complete and highest-performing cloud-based solution possible for customers everywhere.”
What is Netskope GovCloud?
Netskope GovCloud is a FedRAMP High Authorised platform for cloud-delivered cybersecurity services. It is targeted at US Government agencies that are mandated to use FedRAMP authorised Cloud Service Offerings (CSO) for services delivered through the public cloud.
It uses the Netskope Intelligent Security Service Edge (SSE) platform (see image below). Netskope describes its capabilities as including “access control, threat protection, data security, security monitoring, and acceptable-use control enforced by network-based and API-based integration.”
As a cloud-based solution, it is designed with cloud architectures in mind. It means that it is better equipped to deal with cloud applications than an on-premises solution would be. It is seen as a replacement for legacy on-premises security stacks.
Netskope says that one of the key benefits of its GovCloud is that it “enforces policy from a single platform, with a single pass policy engine, single centralized management console, and a single client on the endpoint.” In the compliance-driven world of government IT, it simplifies issues for developers. More importantly, it means that government departments choosing to use the solution can be sure they comply with Executive Order 14028.
Three key elements
Netskope highlights three key features that this brings in the announcement. They are:
- Comprehensive protection: As conditions change and requirements evolve, organizations can deliver new protections by enabling services within Netskope GovCloud. Netskope GovCloud is a fully integrated platform, not a collection of point products, and can be extended to cover a range of threat and data protections.
- Reduce operating complexity with a single client and single management platform: Netskope’s architecture and Zero Trust Engine leverages a single client for multiple services to reduce the impact on endpoint administration. It uses a single management console with a single policy engine to reduce administrative complexity.
- Enforces zero trust principles: In line with the zero trust requirements in Executive Order 14028, Netskope GovCloud reduces the attack surface area and enforces contextual access controls to dramatically increase the overall integrity of the agency’s operating environment.
Enterprise Times: What does this mean?
Government computing contracts are lucrative, but they also come with a high bar before products can be added to the list. FedRAMP High Authorisation is seen as one of the most difficult things to achieve in terms of government standards. Importantly for Netskope, it was sponsored through the process by the US Department of Veterans Affairs. That means it starts with one major US Government department already signed up.
It will be interesting to see how quickly it can sign deals with other departments. Given the costs of getting FedRAMP approval, there will be a lot of pressure to sign more deals.
However, it is outside of government where this will bring the most benefit to Netskope. Government contractors and suppliers are keen to make sure they use the same systems as US Government departments. It simplifies onboarding, and in terms of cybersecurity, it reduces the risk of gaps that can be exploited by malicious actors.