In case you missed the first webinar of our new Inside Netskope series—where Netskope experts show you how we protect our users, applications, and data using our own cloud-based architecture—a recording and recap of our recent session on how to coach users into compliance can be found below. Feel free to comment and continue the discussion!
Watch on-demand
Q: What is the Block restriction action for those that have not been able to complete the training in time?
A: We take a gradual approach to the notification system, so there are different levels of restriction. Once the completion deadline has passed, users receive a similar message but they do not have the option to provide justification to do the training later. Their only option is to complete the training now or ignore the message which will follow them on all applications other than the required ones (Okta, LearnUpon, and Slack).
Q: What has been the user experience/feedback from the users as you've deployed this notification system?
A: The first time around, it was a bit surprising for those that were affected. Some feedback we received was to restore access quicker once the training is completed because we had the job scheduled to run every hour. Non work related sites were not affected, however, it can get very restrictive after the completion deadline has passed. Overall, the user experience was great because of the gradular approach taken.
Q: Are there other use cases for this coaching/to create awareness training that you could apply in different areas?
A: Absolutely! We have already been asked to expand this approach to our new hire security training and HR training. Eventually, the goal is to roll this out for all of our compliance training.
Q: How do you plan to enhance/add to this?
A: We would like to enable just-in-time training. So as a user starts to do things, we give them training on the spot. For instance, if a user attempts to upload information that might be against DLP policy, we would send them the training right away. Our long term goal would be to totally supplement the annual training with just-in-time training. We know all of the categories that the annual compliance training comprises, so if we can tie the results from the just-in-time concept using the same techniques and start logging when people get all of the different categories of training, the end goal would be to eliminate or tailor the annual training.
Q: How do you start the process of directing users to approved cloud channels for information sharing both internally and externally? Best practices / recommendations for using 'User Notifications' would be appreciated.
A: We started with policies based on the applications CCL rating that will trigger a user alert that says why we don't recommend this particular application for usage and reminds the user of the sanctioned application in that same category the application they are attempting to access that is authorized for use by the organization.
Q: Are these things available in the standard Netskope product or do they require additional licensing?
A: No additional licensing is required for being able to utilize this capability. If you have SWG then you have this capability.
Q: How do you change the mindset of security and network engineers as the lines between teams continue to blur?
A: We are approaching it from a collaborative mindset at this point. With the additions of our BWAN component the security team now has a networking tool. We are not attempting to take the networking duties from the networking team, but instead are partnering with them to utilize our product to further the networking capabilities that they have already established. By working cooperatively we are able to highlight even more of how the security side of Netskope works, and gain knowledge of how our networking team is working. This allows us to work cohesively and take the users experience to the next level.