Cloud access security broker Netskope has received a patent for granular visibility and control of cloud services that the company says moves the industry beyond “block” and “allow,” and toward real-time governance of cloud data and activity.

In an announcement on Wednesday, Netskope said that the comprehensive patent, its second of the year, allows IT to enforce fine-grained policies in different conditions, including “deep cloud context.”

Earlier in the year Netskope received a patent for a multi-mode method of steering traffic to and from cloud apps.

"This patent is consistent with our belief that organizations have moved beyond blocking the cloud services that make their employees so productive," said Sanjay Beri, founder and CEO, Netskope. "IT and information security professionals need and want to allow their organizations to embrace those services while still protecting data and ensuring corporate - and in some cases regulatory - compliance in a centralized, consistent way that works across all apps. Rather than take a sledgehammer to the cloud with an ineffective, antiquated 'block' policy, we let them use a scalpel and carve out risky activities like 'share,' 'download,' and 'edit,' based on the who, what, when, and where of the situation."

The company has previously released research showing that 88 percent of cloud apps scored “medium” or lower on its Cloud Confidence index, meaning they should not be considered enterprise-ready. Further research from the company suggests that the majority of cloud data violations potentially leading to breaches consist of activities like downloading, uploading, and sharing.

Netskope says the newly awarded patent shows its technology enables policy enforcement for multi-condition activities across any cloud app, app instance, or app category. This allows functional BYOD use without opening the enterprise to increased risk from employee behavior.

Between the two patents it has received this year, Netskope says it solves a broad range of security use cases, including activity-level policies like "Block sharing from any file-sharing service if the recipient is outside of the company" and data-level policies like "Alert if any user downloads sensitive business information to a BYOD device." It also identifies anomalies and policy violations.

Earlier this week a report from Ponemon and Gemalto showed a widespread lack of IT department control over the spread of “Shadow IT,” indicating a potentially healthy market for enterprise cloud app control.