Skip to main content

Netskope Help

SSPMv1 to Next Generation SSPM Migration Guide

This document gives you a high-level overview of how to migrate existing customers who are on the SSPMv1 platform to the Next Generation SSPM platform.

The Why?

Wonder why you should move to the Next Generation SSPM platform?

Next Generation SSPM is packed with capabilities and usability improvements which can help you operationalise and secure the posture of your SaaS apps like never before. Here is a list of top capabilities that comes as part of the Next Generation SSPM platform:

  • Unified SaaS posture dashboard

  • 120+ additional out-of-the-box rules around Salesforce, Microsoft 365 Exchange & SharePoint

  • CIS Microsoft 365 Foundations Benchmark v1.5.0 support

  • Simplified policy management

  • SaaS app inventory

  • A new low/no code based Netskope Governance Language

  • Basic visibility into 3rd party connected apps

  • Graph-based schema for cross app detection

  • REST APIs (API first approach)

  • Scale and performance improvements

For the Next Generation SSPM platform overview, features, refer to the Release Notes located here.

The How?

You will receive a notification from Netskope when you are ready to be on-boarded to the Next Generation SSPM platform. Once you are on boarded, follow the steps below:

Note

You need not migrate the existing SSPMv1 app instances. Once you receive a notification from Netskope, existing SSPMv1 app instances will continue to function in Next Generation SSPM platform. There is no change in the instance setup or granting access. However, you should migrate the policies, custom rules, and REST API reports from SSPMv1 to Next Generation SSPM platform.

  1. If you have any existing policies on the SSPMv1 platform, you should recreate them on the Next Generation SSPM platform. To learn more: Next Generation SaaS Security Posture Management Policy Wizard

    Important

    As part of Next Generation SaaS Security Posture Management, Netskope has deprecated profiles and introduced compliance standards. Rules can now be directly attached to policies.

    Once you have migrated the policies from SSPMv1 to Next Generation SSPM platform, ensure that you disable the SSPMv1 policies.

  2. If you have any custom rules created using  Domain Specific Language (DSL) on SSPMv1, you should recreate them on the Next Generation SSPM platform using Netskope Governance Language (NGL). To learn more about NGL: Custom Rules Using Netskope Governance Language

  3. If you have created or scheduled any reports on the SSPMv1 platform, you should recreate them on the Next Generation SSPM platform using the REST APIs. To learn more: Reports

    Important

    Once you have recreated the reports on the Next Generation SSPM platform using REST APIs, ensure that you delete the scheduled reports from the SSPMv1 platform.

  4. Once you complete the steps above, navigate to API-enabled Protection > Security Posture (Next Gen) > Overview. You should start seeing the configured apps, users, findings, compliance statistics. To learn more: View Security Posture Overview

FAQ

1.

Do I have to migrate the existing SSPMv1 app instances to the Next Generation SSPM platform?

You need not migrate the existing SSPMv1 app instances. Once you receive a notification from Netskope, existing SSPMv1 app instances will continue to function in Next Generation SSPM platform. There is no change in the instance setup or granting access. However, you should migrate the policies, custom rules, and REST API reports from SSPMv1 to Next Generation SSPM platform.

2.

What happens to the SSPMv1 policies after the Next Generation SSPM policies are created?

Once you have created the Next Generation SSPM policies, the existing SSPMv1 policies will continue to function unless you explicitly disable them. If you keep both the SSPMv1 and Next Generation SSPM policies active on a given tenant, you will receive duplicate email notifications, alerts. Netskope recommends to disable the SSPMv1 policies once you have migrated the policies to the Next Generation SSPM platform.

3.

Should I disable/delete the SSPMv1 reports after I have enabled Next Generation SSPM reports?

Yes. Netskope will not disable/delete your SSPMv1 reports automatically.

4.

I have created custom profiles in SSPMv1. What is the equivalent of profiles in the Next Generation SSPM platform?

As part of Next Generation SaaS Security Posture Management, Netskope has deprecated profiles and introduced compliance standards. Rules can now be directly attached to policies. Netskope has simplified the policy management in the Next Generation SSPM platform. It is more flexible now. If you have custom profiles where you have written custom rules using Domain Specific Language (DSL), you will have to recreate the rules using Netskope Governance Language (NGL) and attach the rules directly to a Next Generation SSPM policy. Policy can either be associated with compliance standards or a set of rules. To learn more about NGL: Custom Rules Using Netskope Governance Language

5.

How does the SSPMv1 standard profiles map to Next Generation SSPM compliance standards?

Standard profiles in SSPMv1 map 1:1 to compliance standards in Next Generation SSPM platform. Here is the mapping:

SSPMv1 Standard Profile

Next Generation SSPM Compliance Standard

Next Generation SSPM App

AICPA SOC TSC 2017 (GitHub)

AICPA-SOC-TSC-2017

GitHub

AICPA SOC TSC 2017 (Microsoft 365)

AICPA-SOC-TSC-2017

Microsoft 365 & Azure AD

AICPA SOC2 2017 (Zoom)

AICPA-SOC-TSC-2017

Zoom

AICPA SOC2 TSC 2017 (ServiceNow)

AICPA-SOC-TSC-2017

ServiceNow

AICPA-SOC-TSC-2017

AICPA-SOC-TSC-2017

Salesforce

CIS Microsoft 365 Foundations Benchmark v1.2.0

CIS-MICROSOFT365-1.5.0

Microsoft 365 & Azure AD

CIS Zoom Benchmark v1.0.0

CIS-ZOOM_1.0.0

Zoom

CSA-CCM v4.0 (GitHub)

CSA-CCM-4.0

GitHub

CSA-CCM v4.0 (Microsoft 365)

CSA-CCM-4.0

Microsoft 365 & Azure AD

CSA-CCM v4.0 (SFDC)

CSA-CCM-4.0

Salesforce

CSA-CCM v4.0 (ServiceNow)

CSA-CCM-4.0

ServiceNow

CSA-CCM v4.0 (Zoom)

CSA-CCM-4.0

Zoom

GDPR 2016/679 (GitHub)

GDPR-2016-679

GitHub

GDPR 2016/679 (Microsoft 365)

GDPR-2016-679

Microsoft 365 & Azure AD

GDPR 2016/679 (ServiceNow)

GDPR-2016-679

ServiceNow

GDPR 2016/679 (Zoom)

GDPR-2016-679

Zoom

GDPR-2016-679

GDPR-2016-679

Salesforce

GitHub Best Practices v1.0.0

BPR-GITHUB

GitHub

HIPAA 1996 (GitHub)

HIPAA-1996

GitHub

HIPAA 1996 (Microsoft 365)

HIPAA-1996

Microsoft 365 & Azure AD

HIPAA 1996 (ServiceNow)

HIPAA-1996

ServiceNow

HIPAA 1996 (Zoom)

HIPAA-1996

Zoom

HIPAA-1996

HIPAA-1996

Salesforce

ISO 27002 (GitHub)

ISO-27002-2013

GitHub

ISO 27002 (Microsoft 365)

ISO-27002-2013

Microsoft 365 & Azure AD

ISO 27002 (ServiceNow)

ISO-27002-2013

ServiceNow

ISO 27002 (Zoom)

ISO-27002-2013

Zoom

ISO-27002-2013

ISO-27002-2013

Salesforce

Microsoft 365 Best Practices

CIS-MICROSOFT365-1.5.0

Microsoft 365 & Azure AD

NIST 800-53 r4 (GitHub)

NIST-800-53-4

GitHub

NIST 800-53 r4 (Microsoft 365)

NIST-800-53-4

Microsoft 365 & Azure AD

NIST 800-53 r4 (ServiceNow)

NIST-800-53-4

ServiceNow

NIST 800-53 r4 (Zoom)

NIST-800-53-4

Zoom

NIST-800-53-4

NIST-800-53-4

Salesforce

NIST-CSF v1.1 (GitHub)

NIST-CSF-1.1

GitHub

NIST-CSF v1.1 (Microsoft 365)

NIST-CSF-1.1

Microsoft 365 & Azure AD

NIST-CSF v1.1 (ServiceNow)

NIST-CSF-1.1

ServiceNow

NIST-CSF v1.1 (Zoom)

NIST-CSF-1.1

Zoom

NIST-CSF-1.1

NIST-CSF-1.1

Salesforce

PCI-DSS v3.0 (GitHub)

PCI-DSS-3.2.1

GitHub

PCI-DSS v3.0 (Microsoft 365)

PCI-DSS-3.2.1

Microsoft 365 & Azure AD

PCI-DSS v3.0 (ServiceNow)

PCI-DSS-3.2.1

ServiceNow

PCI-DSS v3.0 (Zoom)

PCI-DSS-3.2.1

Zoom

PCI-DSS-3.0

PCI-DSS-3.2.1

Salesforce

Salesforce Best Practices

BPR-SALESFORCE

Salesforce

ServiceNow Best Practices

BPR-SERVICENOW

ServiceNow

Workday Best Practices

BPR-WORKDAY

Workday

In this section: