Netskope Community
-
Forums
ProductsCommunity Resources
-
Learn
Education, Training, Certification, and Thought LeadershipCommunity Resources
-
Groups
Community GroupsCommunity Resources
-
Events
Community Resources
- Support
- Netskope Community
- Products
- CASB
- Better understanding of Sanctioned and unsanctione...
Better understanding of Sanctioned and unsanctioned
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2023 06:10 AM
Hi team,
I have a doubt whenever i tried to understand i get stucked and got confused in that.
Correct me as per my understanding.
The sanctioned application are those who only manages by our organization like o365, Gsuite salesforce who having a Admin privileges.
Unsanctioned apps are those who not control by our organization like zippyshare anydesk pinterest facebook whatsapp etc.
Also i get confused over managed and unmanaged application is that the managed apps are sanctioned apps and unmanaged are unsanctioned apps.
For example Sanctioned apps are those who used by dialy bases on organiztion like some org used Gsuite and chatgpt again gsuite i sanctioned and chatgpt is unmanaged apps but the used both one for mailing and other is for info learning. on the second scenerio same org the unsantioned apps are o365 coz they are using gsuite on org.
Please help me with this confusion with user example.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-14-2023 10:15 AM - edited 06-14-2023 10:16 AM
Hi @farhan.
Basically, sanctioned/unsanctioned relates to SaaS apps that would have allowed access, according to corporate security policies. The point here is to "tag" apps as Unsanctioned, and that later could be blocked using Netskope, for instance.
Managed apps is a term we use to refer to apps that are not only allowed access, but also the organization has administrative responsibilities. MS 365 (OneDrive...) and Google Workspace (Drive, Docs, ...) are clear examples of those. Also, they can be monitored by Netskope using API (CASB API), for data-at-rest visibility/control use cases.
Please let me know if it's clear now.
Netskope Product Adoption Lead
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-14-2023 09:25 PM
Hi @msouza Thanks for your reply. So please correct me if i m wrong now As per your definition of sanctioned and unsanctioned and Managed Unmanaged.
I understand that the sanctioned application are those which is used by there organization.
For example : My organization used O365 suite so One drive Teams Sharepoint outlook all the apps of O365 is under sanctioned application while Gsuite will be tagged as unsanctioned application in my org as we are using o365 suite already.
Managed app are like O365 GSUITE SALESFORCE SLACK etc
Unmanaged app are like Zippy anydesk teamviewer Wetransfer etc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 06:30 AM - edited 06-15-2023 06:32 AM
Using you example:
- The corporate instances of MS O365 apps (Sharepoint, Onedrive, ...) would have to be identified, and those would be your "sanctioned" MS O365 apps. Why is that? Because personal instances of Onedrive, for example, would probably not be allowed (these would be "unsanctioned"). But for the purpose of creating Netskope NGSWG policies (real-time policies), you would then focus on the instance identification itself (again, allowing corporate instances and probably blocking or alerting the user when "non-identified" / personal instances of MS O365 apps are used).
- GSuite would be "unsanctioned" and you would probably create policies to alert/block, since the organization already has O365 as the "official/sanctioned" productivity suite.
- O365, Gsuite, Salesforce, Slack would be examples of "managed" apps. Let's say this term only matters when we are talking about CASB API. Basically, since they are "managed" (in other words, you have a coporate instance of those apps and you can manage them), and since they are supported by Netskope CASB through API, you could leverage our CASB API-enabled Protection over them.
- Apps like Zippy, Anydesk, Teamviewer, Wetransfer, if not allowed by corporate policies (probably not), would be considered unsanctioned. They could be categorized as unmanaged, yes, but let's say that such term only matters for CASB API purposes, to make things simpler.
Netskope Product Adoption Lead
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2023 07:19 AM
Okay i understand i will block the personal instance of O365 by real time policies but as per my understanding I gave you the example of this like 0365 and Gsuite of sanctioned and Unsanctioned coz people are misunderstanding as they believe sanctioned apps are managed apps which kind of right but also sanctioned are those who are trusted by organisation so i came.up with this example of 0365 and Gsuite to understand the sanctioned and Unsanctioned thankyou for you precious time .
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- June Office Hours Recap in Advanced Analytics
- Netskope Data Protection for Google Bard in Data Loss Prevention (DLP)
- Vulnerabilities in Browsers ? Yup! Advanced Analytics and NG-SWG policies to the rescue ! in Next Gen Secure Web Gateway (SWG)
- Netskope Cloud Firewall Recommendations, Practical Advice, and Use Cases in Next Gen Secure Web Gateway (SWG)
-
CASB
25 -
Client
7 -
DLP
5 -
API
5 -
Netskope Agent
5 -
API-Enabled Protection
5 -
netskope client
3 -
Real-time Policy
3 -
Unsanctioned apps
3 -
NSClient
3 -
alerts
3 -
MS Teams
2 -
vpn
2 -
Threat Protection
2 -
steering
2 -
update
2 -
incidents
2 -
block
2 -
Real time policy
2 -
CCI
2 -
Troubleshooting
2 -
install
2 -
NG-SWG
2 -
Upgrade
2 -
Collaboration
1 -
steering exception
1 -
IDC
1 -
Reports
1 -
cloud update
1 -
Messaging
1 -
Next Gen SWG
1 -
corrupted state
1 -
API Throttling
1 -
ssl
1 -
Adobe
1 -
cisco
1 -
Authentication
1 -
block IE11 traffic
1 -
ssl error
1 -
Allowlist
1 -
Webinar
1 -
Netskope
1 -
settings
1 -
certificate
1 -
Unique Device ID
1 -
fedramp
1 -
other
1 -
Sanctioned apps
1 -
trust
1 -
Unmanaged apps
1 -
SWG
1 -
MacOS
1 -
configuration
1 -
Managed apps
1 -
Netskope Endpoint Client
1 -
ztna
1 -
VDI
1 -
Office365
1 -
blockuploads
1 -
NPA
1 -
private access
1 -
Zero Trust
1 -
VMware
1 -
UPD errors and nsClientFLow
1 -
Compromised Credentials
1 -
Facebook
1 -
Reporting
1 -
Azure-AD
1 -
whatsapp app
1 -
malware
1 -
policy
1 -
Messenger
1 -
Sharepoint
1 -
googledocs
1 -
security posture check
1 -
ServiceNow
1 -
sku
1 -
Onedrive
1 -
data usage
1 -
APIv2
1 -
Outlook
1 -
version
1 -
application assessment request
1 -
AutoUpdate
1 -
roles
1 -
HTTP Header Profile
1 -
steer traffic
1 -
Privileges
1 -
Real time protection
1 -
Support
1 -
questions
1 -
policies
1 -
Office 365
1
In order to view this content, you will need to sign in to your account. Simply click the "Sign In" button below
Sign In