Perrigo gains visibility and control over shadow IT to reduce the risk of data loss while enabling cloud services for employees
Since we implemented Skyhigh, we have reduced our risk of data exfiltration, malware occurrences, and data loss.—Paul Dumbleton
Infrastructure Security Engineering Manager
As a global pharmaceutical company with over 8,500 employees, Perrigo needed a better understanding of company data being uploaded to the cloud. “What we needed was granular visibility into what our users were doing and the ability to provide policy controls for different business units,” explains Paul Dumbleton, Infrastructure Security Engineering Manager at Perrigo. Perrigo was already doing some cloud service blocking based on categorical allocation from firewalls and proxies, but usage would inevitably slip through the cracks due to a lack of comprehensiveness and accuracy in firewall and proxy categorization of cloud services, putting Perrigo at an increased risk of data loss and exfiltration. Dumbleton didn’t just want to block services but also needed to streamline the existing process of evaluating services requested by users.
Perrigo brought in Skyhigh for Shadow IT to gain visibility into cloud usage, proactively block high-risk services, and increase detection of anomalous behavior. Initially, Skyhigh discovered over 2,000 cloud services being used by Perrigo employees. Perrigo also leveraged Skyhigh’s CloudTrust™ registry, which features detailed risk scores derived from more than 65 attributes. This allowed the company to accelerate the evaluation process for new services requested by users, and transition away from blocking services by category and instead block them by risk. Using Skyhigh, Perrigo reduced the usage of high-risk cloud services by over 80% using a combination of just-in-time coaching and blocking. “Our next steps include taking a look at the services being used across business units and focusing on consolidation to save money on redundant services,” said Dumbleton.