
Netskope Administration for Departing Users


 


When a user announces their departure from the organization, it's crucial to implement stringent controls and checks to protect corporate data and resources. The user's account should immediately be placed into a "Leaving Users" group within their Identity Provider or Directory Services. This move should trigger a set of pre-configured policies for these accounts.


 


Critical Policies to be Enabled



  1. Restricted Activities: This policy limits certain user activities to prevent potential loss of data:


    1. Unable to Delete Files: Prevents the user from unintentionally or maliciously deleting crucial company information.

    2. Unable to Share Files to Any Non-Corporate User: Ensures sensitive company data isn't shared externally.

    3. Unable to Download from Salesforce: Prevents customer and prospect data from being downloaded.


  2. Restricted Instances: This policy confines the user's interaction with certain instances:


    1. Unable to Upload any files to Non-Corporate Instances of Sanctioned Cloud Applications: Keeps the organization's data within its control and stops it from being transferred to external locations.


  3. Restricted Applications: This policy governs which applications the user can access:


    1. Unable to Access or Upload Files to Unsanctioned Applications: Keeps company data within approved applications and prevents data leakage.


  4. Restrict Endpoint Controls: This policy should be activated to limit endpoint activities:


    1. Unable to Transfer any Files to USB: This ensures that data can't be physically taken out of the organization's network.

    2. Unable to Print any Files: This prevents hard copy data leakage, which can be difficult to track.


  5. Restrict IaaS controls: This policy restricts Infrastructure as a Service (IaaS) access:


    1. Remove Network Administrators' Access to Production Instances of IaaS: This ensures only the necessary personnel can access the production environment.



Investigation Best Practices for Administrators:



  1. Advanced Analytics: Leverage Netskope's Advanced Analytics to monitor user activities and data flow. This allows early detection and management of any anomalies or suspicious activities.


    1. Insider Threat Report: Ensure this report is run with filters for the departing User Group.


  2. Generate a Comprehensive Report: Curate a report of all Application Events for the leaving user for review by the manager. This offers a complete overview of the user's interactions with the company's resources.


    1. User Investigation Report: Ensure this report is run with filters for the departing User Group.
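
An added example, not part of the original article and not Netskope code: a sketch of the review described above, run over constructed event records. It maps each event from a "Leaving Users" member to the policies listed earlier and separates out restricted events that were not blocked. The field names (`activity`, `instance`, `sanctioned`, `action`, `shared_with`) and the `example.com` domain are assumptions, not Netskope's export schema.

```python
from collections import defaultdict

LEAVING_GROUP = "Leaving Users"   # group name from the page
CORP_DOMAIN = "example.com"       # assumption: corporate e-mail domain
# Constructed sample events. Field names are illustrative, not Netskope's schema.
EVENTS = [
    {"user": "alice@example.com", "groups": ["Leaving Users"], "app": "Box",
     "sanctioned": True, "instance": "corporate", "activity": "Delete", "action": "block"},
    {"user": "alice@example.com", "groups": ["Leaving Users"], "app": "Salesforce",
     "sanctioned": True, "instance": "corporate", "activity": "Download", "action": "allow"},
    {"user": "alice@example.com", "groups": ["Leaving Users"], "app": "Google Drive",
     "sanctioned": True, "instance": "personal", "activity": "Upload", "action": "block"},
    {"user": "alice@example.com", "groups": ["Leaving Users"], "app": "FileDropX",
     "sanctioned": False, "instance": "personal", "activity": "Upload", "action": "allow"},
    {"user": "alice@example.com", "groups": ["Leaving Users"], "app": "Box", "sanctioned": True,
     "instance": "corporate", "activity": "Share", "shared_with": "friend@mail.test", "action": "block"},
    {"user": "bob@example.com", "groups": ["Sales"], "app": "Box",
     "sanctioned": True, "instance": "corporate", "activity": "Delete", "action": "allow"},
]

def restricted_policies(e):
    """Name the departing-user policies (as listed on the page) that an event falls under."""
    act, hits = e["activity"], []
    if act == "Delete":
        hits.append("Restricted Activities: delete")
    if act == "Share" and not e.get("shared_with", "").lower().endswith("@" + CORP_DOMAIN):
        hits.append("Restricted Activities: external share")
    if act == "Download" and e["app"] == "Salesforce":
        hits.append("Restricted Activities: Salesforce download")
    if act == "Upload" and e["sanctioned"] and e["instance"] != "corporate":
        hits.append("Restricted Instances: non-corporate upload")
    if not e["sanctioned"]:
        hits.append("Restricted Applications: unsanctioned app")
    if act in ("USB Copy", "Print"):
        hits.append("Restrict Endpoint Controls: " + act)
    return hits

def audit(events):
    """Per departing user: all restricted events, plus those that were not blocked."""
    report = defaultdict(lambda: {"restricted": [], "gaps": []})
    for e in (e for e in events if LEAVING_GROUP in e["groups"]):  # departing group only
        for name in restricted_policies(e):
            report[e["user"]]["restricted"].append(name)
            if e["action"] != "block":
                report[e["user"]]["gaps"].append(name)  # policy missing or not enforced
    return dict(report)

if __name__ == "__main__":
    print(audit(EVENTS))
```

Entries under `gaps` are the ones to raise first: they are activities the departing-user policies should have stopped but that the record shows as allowed.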



 


Additional Best Practices for Administrators



  1. Take Prompt Action: Implement all changes as soon as a user announces they are leaving to minimize the window for potential data compromises.

  2. Revoke Access: After the user's last day, ensure all access to corporate resources is immediately revoked.

  3. Documentation: Keep detailed records of all actions taken during the offboarding process. This assists in audits and troubleshooting, and provides a reference for future cases.

  4. Regular Review of Departing User Policies: Update and review policies regularly to keep them relevant and effective.


Additional Security Policies to consider:



  1. Password Change Policy: Force an immediate password change to prevent unauthorized access.

  2. Email Forwarding Policy: Disable auto-forwarding of emails to prevent potential data leakage.

  3. Data Backup Policy: Back up all data associated with the user to prevent loss during the offboarding process.


 


By adhering to these practices, a Netskope Administrator can ensure a secure and efficient offboarding process for departing users, mitigating the risk to the organization's data and resources.
