Skyhigh for ServiceNow

Meet strict data privacy and compliance requirements while delivering an uncompromised cloud-first experience

Encrypt data with enterprise-owned keys

Protect structured and unstructured data with standards-based AES encryption, function-preserving encryption, and tokenization to ensure sensitive infrastructure data is protected.

Preserve application functionality

Support critical end-user functionality such as search, sort, and format by selecting from a variety of academia- and peer-reviewed encryption schemes developed in collaboration with experts in the industry.

Own your encryption keys

Integrate with any KMIP-compliant key management server, enabling you to maintain control of your keys and comply with industry regulations and security policies.

Download the Datasheet

Download the Skyhigh for ServiceNow datasheet for a complete list of product capabilities.

Download Now

Gain visibility into ServiceNow usage and prevent misuse

Understand all user, admin and third party applications accessing ServiceNow data. Capture all activities including uploads, downloads, views, edits, and deletes to support forensics investigations. Leverage machine learning to identify anomalous behavior indicative of compromised accounts or insider threats. Manage ServiceNow security from a unified dashboard or feed security incidents into your existing SIEMs for consistent reporting and remediation.

“Skyhigh allows us to have more control over data security by adding an additional layer of protection beyond the typical cloud service provider can offer.”

Jenai Marinkovic, Chief Security Officer

“In an environment with millions of unique events each day, Skyhigh does a nice job of cutting through the noise and directing us to the areas of greatest security concern.”

Ralph Loura, Chief Information Officer

“When IT can bring the audit committee and executive members together and they are comfortable using the cloud, it is huge. Skyhigh is mitigating and lowering risk. It's a fact.”

Jeff Haskill, Chief Information Security Officer

“We’re seeing both costs and risk go down as a result of our work with Skyhigh.”

Mike Bartholomy, Senior Manager of Information Security

Seamless integration with the ServiceNow ecosystem

Preserve all application functionality and ensure consistent enforcement of policies across all devices and browser, mobile, and sync clients and SSO services such as Okta, OneLogin, and Ping Identify.

More than ServiceNow

Skyhigh Cloud Access Security Broker helps more than 600 enterprises enforce their security, compliance, and governance policies for over 20,000+ cloud services, including Salesforce, ServiceNow, Box, 0365, Google Drive, Dropbox and many more.

Key Features

Shadow IT Discovery

Identifies any shadow IT cloud services employees are using in place of the corporate standard, ServiceNow.

Coaching and Enforcement

Displays just-in-time coaching messages guiding users from unapproved services to ServiceNow and enforces granular policies such as read-only access.

Usage Analytics

Identifies all users and groups accessing ServiceNow and reveals which users are accessing sensitive data.

User Groups

Discovers and groups users from directory services and ServiceNow. User groups can be leveraged for analytics and policy enforcement.

Cloud Data Loss Prevention

Enforces DLP policies based on data identifiers, keywords, user groups, and regular expressions with multiple remediation options.

Next Generation DLP Engine

Provides a native cloud DLP engine designed for DLP, resulting in greater accuracy and fewer false positives/negatives than third-party engines built for search.

Multi-Tier Remediation

Provides multiple options including coach user, notify administrator, block, and encrypt and enables tiered response based on severity.

Policy Violation Management

Offers a unified interface to review DLP violations and manage remediation workflow as incident status is updated and resolved.

Email Coaching

Delivers customizable email notifications to end users in response to policy violations to coach them on appropriate ServiceNow usage.

Pre-Built DLP Templates

Provides out-of-the-box DLP templates and a broad range of international data identifiers to help identify sensitive content such as PII, PHI, or IP.

Contextual Access Control

Enables on-premises and mobile access control policies based on user groups, device, activity, and geography with coarse blocking and granular view, edit, and download permissions.

Contextual Authentication

Forces additional authentication steps in real-time via integration with identity management solutions based on pre-defined access control policies.

Unmanaged Device Control

Enforces distinct access policies for managed and unmanaged devices by integrating with EMM/MDM solutions and registering and fingerprinting unmanaged devices.

Structured Data Encryption

Applies standards-based AES or peer-reviewed, function-preserving encryption schemes to structured data using enterprise-controlled encryption keys.

Searchable Symmetric Encryption

Encrypts unstructured data and leverages advancements in encrypted search indexes to enable end-user search without compromising security.

Persona-Based Navigation

Provides a streamlined user interface and embedded workflows for four distinct personas: governance, compliance, security, and executive.

Role-Based Access Control

Delivers pre-defined roles with granular and customizable permissions to manage the data and product capabilities users can access within Skyhigh.

Enterprise Connector

Collects logs from firewalls, proxies, and SIEMs, integrates with directory services via LDAP, and tokenizes sensitive data before uploading to the cloud.

Privacy Guard

Leverages an irreversible one-way process to tokenize user identifying information on premises and obfuscate enterprise identity.

Integration with Firewalls / Proxies

Provides script, API, and ICAP-based integration allowing you to enforce access and security policies consistently across your existing firewalls and proxies.

Integration with SIEMs

Combines Skyhigh anomaly and event data with events from other systems and leverages your existing incident remediation process.

Integration with Key Management Systems

Seamlessly integrates with your existing key management systems using KMIP to encrypt data with enterprise-controlled keys.

Flexible Deployment Options

Offers the ability to deploy Skyhigh in the cloud, on premises as a virtual appliance, or in a hybrid model.

Integration with IDM

Leverages identity management (IDM) solutions for pervasive and seamless traffic steering through Skyhigh’s proxy and contextual authentication.

Integration with EMM/MDM

Integrates with enterprise mobility management solutions to enforce access control policies based on whitelisted devices and EMM certificates.

Total Coverage Architecture

Leverages a complete coverage model including log collection, forward proxy chaining, packet capture, API, and reverse proxy deployment modes to support all cloud access scenarios.

Skyhigh is the #1 CASB

Breadth of Functionality

Only CASB to provide DLP, threat protection, access control, and structured data encryption.

Breadth of Coverage

Only CASB to cover all users across all devices and support all cloud services, including custom apps on IaaS.

Platform Scalability

Only CASB that scales to support 2 billion cloud transactions per day at the world's largest global enterprises.

Platform Security

Only CASB that is FedRAMP compliant, ISO 27001/27018 certified, and stores no customer data in our cloud.