Netskope's Cloud Exchange will be available as a platform-as-a-service. (Photo by Sean Gallup/Getty Images)

Netskope on Tuesday announced that its Cloud Exchange (CE) security and telemetry platform has been made available as a managed service.

The company also expanded its Cloud Risk Exchange (CRE) module with the ability to share application risk scores and insights with the likes of BitSight, SecurityScorecard, and ServiceNow, which aims to help customers gain better visibility into the risks associated with their managed or unmanaged applications.

“As we continue to see a massive reliance on running more of the business in the cloud, organizations are seeking an easier pathway to ensure more efficiency while improving overall security posture,” said Andy Horwitz, vice president of business development, Netskope. “Cloud Exchange as a managed service fills a significant need for resource-strapped organizations and puts them in a position to expeditiously operationalize Netskope’s valuable cloud intelligence across their security stack.”

Craig Robinson, research vice president, security services at IDC, said the announcement by Netskope that they will offer CE as a managed service helps to address the need for organizations to gain visibility into their overall security posture, as well as that of their vendor ecosystem. Robinson said gaining this visibility will be key for decisions makers in the entire C-suite as organizations work to demonstrate cyber resilience to stakeholders such as the board.

Robinson said this new offering also will help cyber-risk practitioners execute something that’s been lacking: gathering the risk scores that actually matter and then turning this raw data into actionable information.

“The number of organizations that would list this capability as one of their core competencies is quite small,” Robinson said. “Utilizing a managed service to ensure that the organization has this information readily available gives their cyber-risk organization additional gravitas to stakeholders.”

Dave Gruber, a principal analyst at the Enterprise Strategy Group, pointed out that Netskope is delivering CE in an ”as-a-service” model, providing all typical as-a-service benefits including: faster time to value, fewer resources needed to manage the solution (maintenance releases, updates, patches, new integrations), and SLAs. He said calling it a managed service may confuse some, who may expect operational security experts to come along with the offering, similar to other managed security service offerings. 

“Managed locally, or as-a-service, CE helps security teams gain valuable insights into cloud telemetry to help manage cloud risk”, said Gruber.

Horwitz clarified Gruber's point by saying that Netskope is not offering security experts: they are providing the platform-as-a-service to help their customers manage the integrations with other ISVs. “We are not threat hunting as part of this service,” Horwitz said. “We will work with MSSPs who will use this service to help their MDR offerings.”