Netskope Administration for Departing Users

  • 21 June 2023


When a user announces their departure from the organization, it's crucial to implement stringent controls and checks to protect corporate data and resources. The user's account should immediately be placed into a "Leaving Users" group within their Identity Provider or Directory Services. This move should trigger a set of pre-configured policies for these accounts.


Critical Policies to be Enabled

  1. Restricted Activities: This policy limits certain user activities to prevent potential loss of data:
    1. Unable to Delete Files: Prevents the user from unintentionally or maliciously deleting crucial company information.
    2. Unable to Share Files to Any Non-Corporate User: Ensures sensitive company data isn't shared externally.
    3. Unable to Download from Salesforce: Prevents customer and prospect data from being downloaded.
  2. Restricted Instances: This policy confines the user's interaction with certain instances:
    1. Unable to Upload any files to Non-Corporate Instances of Sanctioned Cloud Applications: Keeps the organization's data within its control and stops it from being transferred to external locations.
  3. Restricted Applications: This policy governs which applications the user can access:
    1. Unable to Access or Upload Files to Unsanctioned Applications: Keeps company data within approved applications and prevents data leakage.
  4. Restrict Endpoint Controls: This policy should be activated to limit endpoint activities:
    1. Unable to Transfer any Files to USB: This ensures that data can't be physically taken out of the organization's network.
    2. Unable to Print any Files: This prevents hard copy data leakage, which can be difficult to track.
  5. Restrict IaaS Controls: This policy restricts Infrastructure as a Service (IaaS) access:
    1. Network Administrators should have their access to Production instances of IaaS removed: This ensures only the necessary personnel can access the production environment.

Investigation Best Practices for Administrators:

  1. Advanced Analytics: Leverage Netskope's Advanced Analytics to monitor user activities and data flow. This allows early detection and management of any anomalies or suspicious activities.
    1. Insider Threat Report: Ensure this report is run with filters for the departing User Group.
  2. Generate a Comprehensive Report: Curate a report of all Application Events for the leaving user for review by the manager. This offers a complete overview of the user's interactions with the company's resources.
    1. User Investigation Report: Ensure this report is run with filters for the departing User Group.


Additional Best Practices for Administrators

  1. Take Prompt Action: Implement all changes as soon as a user announces they are leaving to minimize the window for potential data compromises.
  2. Revoke Access: After the user's last day, ensure all access to corporate resources is immediately revoked.
  3. Documentation: Keep detailed records of all actions taken during the offboarding process. This assists in audits, troubleshooting, and provides a reference for future cases.
  4. Regular Review of Departing User Policies: Update and review policies regularly to keep them relevant and effective.

Additional Security Policies to consider:

  1. Password Change Policy: Force an immediate password change to prevent unauthorized access.
  2. Email Forwarding Policy: Disable auto-forwarding of emails to prevent potential data leakage.
  3. Data Backup Policy: Back up all data associated with the user to prevent loss during the offboarding process.


By adhering to these practices, a Netskope Administrator can ensure a secure and efficient offboarding process for departing users, mitigating the risk to the organization's data and resources.
