This week, Cisco announced that it is advancing its Security Everywhere strategy by adding Cisco® Cloud Access Security (CAS), which provides visibility and data security for cloud-based applications. A key element in Cisco’s CAS offering is the partnership between Cisco and Skyhigh, which delivers increased visibility into company-wide cloud usage and policy enforcement.
Security of data in the cloud: a growing concern
The cloud is here to stay, and this has vastly changed the network perimeter. According to the recent Skyhigh Cloud Adoption and Risk report, the average organization uses 1,154 cloud services. The average employee actively uses 30 cloud services at work, including 8 collaboration services (e.g., Office 365, Gmail), 5 file sharing services (e.g., Box, OneDrive), and 4 content sharing services (e.g., YouTube, Flickr).
Sensitive data is moving to these cloud services. Skyhigh’s analysis of file sharing services finds that 15.8% of documents uploaded contain some form of health, payment, personal, or confidential corporate data. The average company also experiences 9.3 insider threat incidents each month, which range from an employee inadvertently sharing a document containing Social Security numbers, to a rogue employee taking data when they leave the company to join a competitor.
The challenge for many organizations is that they lack granular visibility into which cloud services are in use by which employees, how risky those services are, what data is uploaded to or downloaded from the cloud, and what activity is occurring within cloud services. Without this visibility, they cannot enforce security, compliance, and governance policies.
Leveraging existing infrastructure to gain visibility and enforce control
Skyhigh’s partnership with Cisco will enable Cisco’s customers to gain additional visibility into their cloud usage and enforce policy-based control. The integration with Cisco offerings will provide customers with granular visibility into cloud traffic, even encrypted traffic, for over 16,000 cloud services.
Skyhigh provides a CloudTrust Rating of enterprise-readiness for each service based on 54 objective attributes, so customers can make informed decisions on which cloud services to enable for their organization and manage them through a cloud governance workflow that is enforced using those same proxies.
Skyhigh’s connection to pxGrid feeds rich telemetry data on cloud usage to Cisco ISE, providing greater context for the enforcement of network access policies such as quarantine and remediation. In turn, Cisco ISE feeds information to Skyhigh, enabling customers to implement cloud access control policies based on network and device context.
Enforcing granular policies for cloud services
The integration of Skyhigh and Cisco also enables a range of granular data and access control policy enforcement options. Customers can enforce policy-based controls such as allowing access while also delivering an educational message that coaches the user to use an enterprise-approved alternative.
They can also enforce granular access policies, such as enabling download to corporate-issued devices while disabling upload from any device, or preventing the upload of data to services that claim ownership of all data uploaded to them. Customers can also enforce data loss prevention (DLP) policies to protect their sensitive data from being stored in or retrieved from a cloud service, such as preventing a .PST file from being uploaded from a corporate-issued device to a cloud service with poor security controls.
Finally, this partnership gives Cisco customers the ability to automatically detect and protect against internal and external threats. Cyber attacks increasingly leverage cloud services to exfiltrate data. Skyhigh analyzes cloud usage, develops behavioral baselines, and detects unusual activity indicative of data exfiltration from insider threats, compromised accounts, and security breaches.