The Next Next Big Thing

Cloud Access Security Broker

Skyhigh enables organizations to enforce security, compliance, and
governance policies across all cloud services, all users, and all devices

One Platform for All Cloud Services

Skyhigh is the leading cloud access security broker (CASB) trusted by over 600 enterprises to protect their data in thousands of cloud services. With Skyhigh, organizations leverage a single cross-cloud platform to gain visibility into cloud usage and risks, meet compliance requirements, enforce security policies, and detect and respond to potential threats.


Take a Product Tour

Skyhigh enables organizations to enforce their security policies for both corporate-sanctioned and employee-introduced cloud services.

Discover all cloud services in use and standardize on approved services

Skyhigh discovers all cloud services in use and provides a 1-10 CloudTrust Rating of enterprise readiness for each service, reveals gaps in cloud policy enforcement, and enables real-time coaching and policy enforcement to guide users to corporate-approved service

Enforce data loss prevention policies to comply with industry regulations

Skyhigh identifies sensitive or regulated data in motion or at rest in cloud services using pre-built, customizable policy templates or policies from your on-premises DLP solution. Enforce policies to prevent violations and coach users on appropriate usag

Detect and respond to insider threats, compromised accounts, and malware

Skyhigh captures a complete audit trail of all user activity in the cloud and leverages user and entity behavior analytics (UEBA) to accurately detect insider threats, compromised accounts, privileged user threats, and malware proliferating via the cloud or using the cloud as a data exfiltration vector.

Maintain control over how data is accessed and shared

Skyhigh enables you to audit sharing permissions on files and folders and enforce collaboration policies. With Skyhigh you can also define and enforce granular view, edit, and download permissions in real time based on the user’s role, location, and whether the device is managed.

Protect data from unauthorized access and meet data privacy requirements

Skyhigh delivers academia and peer-reviewed encryption for both structured and unstructured data, enabling enterprises to encrypt sensitive data while maintaining control of encryption keys and preserving format and critical end-user functionality such as search and sort.

Download the Datasheet

Download the Skyhigh Cloud Access Security Broker datasheet for a complete list of product capabilities.

Download Now

“Skyhigh allows us to extend DLP outside the perimeter and into the cloud and the user experience is seamless.”

Mike Benson, Chief Information Officer

“In an environment with millions of unique events each day, Skyhigh does a nice job of cutting through the noise and directing us to the areas of greatest security concern.”

Ralph Loura, Chief Information Officer

“Skyhigh helps us understand how employees use Salesforce and identify insider threats, compromised credentials, and excessive privileged user access.”

Mike Bartholomy, Senior Manager, Information Security

“When IT can bring the audit committee and executive members together and they are comfortable using the cloud, it is huge. Skyhigh is mitigating and lowering risk. It's a fact.”

Jeff Haskill, Chief Information Security Officer

“Since we implemented Skyhigh, we have reduced our risk of data exfiltration, malware occurrences, and data loss.”

Paul Dumbleton, Infrastructure Security Engineering Manager

Key Features


Cloud Usage Discovery

Discovers all SaaS, PaaS, IaaS, and custom applications in use and visually summarizes traffic patterns, access
count, and usage over time.

Cloud Registry

Provides the world’s largest and most accurate registry of cloud services, including thousands of services uncategorized by firewalls and proxies.

CloudTrust Ratings

Assigns a risk rating for each service based on 50 attributes. Modify attribute weights and add custom attributes to generate personalized ratings.

Cloud Service Governance

Provides a workflow to automatically or manually classify services based on risk criteria and enforce acceptable use governance policies through coaching
and/or blocking.

Cloud Enforcement Gap Analysis

Presents allowed and denied statistics and highlights gaps in cloud policy enforcement along with recommendations to close gaps.

AI-Driven Activity Mapper

Leverages artificial intelligence to understand apps and map user actions to a uniform set of activities, enabling standardized monitoring and controls across apps.

On-Demand Data Scan

Identifies sensitive data stored at rest with the ability to target scans based on cloud service, date range, user, sharing status, and file size.

Collaboration Analytics

Visually summarizes sharing with third-party business partners, personal emails, and internal users and reports on policy exceptions.

Coaching and Enforcement

Displays just-in-time coaching messages guiding users from unapproved services to sanctioned alternatives and enforces granular policies such as read-only access.

Customizable Views and Reporting

Delivers pre-built reports and enables users to create custom views and reports, schedule periodic email reports, and download PDF, Excel, and CSV reports.

Activity Drilldown

Provides clickable drilldown to navigate from service-level upload statistics to granular user-level and event-level statistics with a complete activity feed for additional context.

Cloud Usage Analytics

Visually summarizes key usage statistics including the number of cloud services in use, traffic patterns, access count, and usage over time.


Cloud Data Loss Prevention

Enforces DLP policies based on data identifiers, keywords, and structured/unstructured fingerprints
across data at rest and uploaded or shared in real time.

Secure Collaboration

Enforces external sharing policies based on domain whitelist/blacklist and content and educates users on acceptable collaboration policies.

Pre-Built DLP Templates

Provides out-of-the-box DLP templates and a broad range of international data identifiers to help identify sensitive content such as PII, PHI, or IP.

Multi-Tier Remediation

Provides coach user, notify administrator, block, apply rights management, quarantine, tombstone, and delete options and enables tiered response based on severity.

Policy Violation Management

Offers a unified interface to review DLP violations, take manual action, and rollback an automatic remediation action to restore a file and its permissions.

Match Highlighting

Displays an excerpt with content that triggered a DLP violation. Enterprises, not Skyhigh, store excerpts, meeting stringent privacy requirements.

Closed-Loop Policy Enforcement

Optionally leverages policies in on-premises DLP systems, enforces policies, and registers enforcement actions in the DLP system where the policy is managed.

Multimode DLP

Enforces data loss prevention policies for data stored at rest in cloud services and data uploaded, shared, or emailed in real time.

Next Generation DLP Engine

Provides a native cloud DLP engine designed for DLP, resulting in greater accuracy and fewer false positives/negatives than third-party engines built for search.

Email Coaching

Delivers customizable email notifications to end users in response to policy violations to coach them on appropriate cloud usage.

Two-Pass Assessment

Optionally performs a first pass DLP assessment in the cloud before downloading potential violations to an on-premises DLP system for evaluation and reporting.

Threat Protection

Cloud SOC

Delivers a threat dashboard and incident-response workflow to review and remediate insider threats, privileged user threats, and compromised accounts.

Cloud Activity Monitoring

Provides a comprehensive audit trail of all user and administrator activities to support post-incident investigations and forensics.

User Behavior Analytics

Automatically builds a self-learning model based on multiple heuristics and identifies patterns of activity indicative of a malicious or negligent insider threat.

Account Compromise Analytics

Analyzes login attempts to identify impossible cross-region access, brute-force attacks, and untrusted locations indicative of compromised accounts.

Privileged User Analytics

Identifies excessive user permissions, inactive accounts, inappropriate access, and unwarranted escalation of privileges and user provisioning.

Malware Protection

Identifies and blocks known signatures, sandboxes suspicious files, and detects behavior indicative of malware exfiltrating data via cloud services and ransomware.

Guided Learning

Provides human input to machine learning models with real-time preview showing the impact of a sensitivity change on anomalies detected by the system.

Threat Modelling

Correlates multiple anomalous events within a cloud service or across cloud services to accurately separate true threats from simple anomalies.

Darknet Intelligence

Identifies stolen credentials leaked from breached cloud services to reveal users and services at risk.

Data Security

Security Configuration Audit

Discovers current cloud application or infrastructure security settings and suggests modifications to improve security based on industry best practices.

Contextual Access Control

Enforces policies based on user, managed/unmanaged device, personal/corporate account, and geography with coarse and activity-level enforcement.

Contextual Authentication

Forces additional authentication steps in real-time via integration with identity management solutions based on pre-defined access control policies.

Encryption and Tokenization

Delivers peer-reviewed, function preserving encryption schemes using enterprise-controlled keys, and tokenization for structured and unstructured data.

Information Rights Management

Applies rights management protection to files uploaded to or downloaded from cloud services, ensuring sensitive data is protected anywhere.


Skyhigh Gateway

Enforces policies with an inline proxy and steers traffic via device agent, proxy chaining, and identity providers to cover all access scenarios.

Skyhigh Cloud Connector

Connects to cloud services via cloud provider APIs to provide visibility and enforce security and compliance policies for all users and cloud-to-cloud activity.

Skyhigh Enterprise Connector

Collects logs from firewalls, proxies, and SIEMs, integrates with directory services via LDAP, and tokenizes sensitive data before uploading to the cloud.

Privacy Guard

Leverages an irreversible one-way process to tokenize user identifying information on premises and obfuscate enterprise identity.

Persona-Based Navigation

Provides a streamlined user interface and embedded workflows for four distinct personas: governance, compliance, security, and executive

Role-Based Access Control

Delivers pre-defined roles with granular and customizable permissions to manage the data and product capabilities users can access within Skyhigh.

Integration with Firewalls / Proxies

Provides script, API, and ICAP-based integration allowing you to enforce access and security policies consistently across your existing firewalls and proxies.

Integration with On-Premises DLP

Provides integration and closed-loop remediation with existing on-premises DLP solutions such as Symantec, EMC RSA, Intel McAfee, and Forcepoint.

Integration with SIEMs

Collects log files from SIEMs and provides the ability to report on incidents and events from Skyhigh in SIEM solutions via syslog and API integration.

Integration with Key Management Systems

Seamlessly integrates with your existing key management systems using KMIP to encrypt data with enterprise-controlled keys.

Integration with IDM

Leverages identity management (IDM) solutions for pervasive and seamless traffic steering through Skyhigh Gateway and contextual authentication.

Integration with IRM

Integrates with leading information rights management systems to enforce existing policies across sensitive data.

Integration with EMM/MDM

Integrates with enterprise mobility management solutions to enforce access control policies based on whitelisted devices and EMM certificates.

Skyhigh is the #1 CASB

Skyhigh #1 Wreath
Breadth of Functionality

Only CASB to provide DLP, threat protection, access control, and structured data encryption.

Skyhigh #1 Wreath
Breadth of Coverage

Only CASB to cover all users across all devices and support all cloud services, including custom apps on IaaS.

Skyhigh #1 Wreath
Platform Scalability

Only CASB that scales to support 2 billion cloud transactions per day at the world's largest global enterprises.

Skyhigh #1 Wreath
Platform Security

Only CASB that is FedRAMP compliant, ISO 27001/27018 certified, and stores no customer data in our cloud.