Understand the risk of each cloud service
Skyhigh delivers the largest and most accurate registry of over 20,000 cloud services with a 1-10 risk rating of each service based on a detailed security assessment across 50 objective criteria. Enterprises can modify the weights of these 50 attributes to generate customized risk scores tailored to their own unique risk profile. Cloud provider risk assessments in Skyhigh’s registry form the foundation of governance workflows and policy enforcement.
Report on cloud usage and risk
Skyhigh includes pre-built reports and dashboards that summarize cloud usage and risk across multiple dimensions. Users can create their own custom views and reports, which can be shared with other users. Skyhigh supports periodic email reports on key usage metrics based on customizable report templates. Cloud usage reports can also be downloaded in PDF format or exported in CSV or Excel formats for import into standalone reporting tools.
Enforce cloud governance policies
Skyhigh enforces governance policies based on cloud service groups. For example, Skyhigh can assign all file sharing services that claim ownership of data uploaded to the service to a service group and enforce read-only access so users can download data shared by business partners but cannot upload corporate data to these services.
Skyhigh groups services based on customer-defined governance criteria, such as approved, permitted, and denied acceptable use categories. Users can manually assign cloud services to a group or automatically assign group membership based on risk rating and specific risk attributes tracked in Skyhigh’s registry. A governance approval workflow ensures all changes to policy are reviewed and approved by a manager before taking effect.
Integration to firewalls and proxies
Identify and close policy enforcement gaps
Skyhigh maintains the most comprehensive and up-to-date database of cloud provider URLs and IP addresses. Identify gaps in policy enforcement due to inconsistent configuration across egress infrastructure, exception sprawl, and recently introduced cloud provider URLs that are unknown to egress providers, and push updated policies to close gaps in policy enforcement.
“As we pushed more data into the cloud, we had to answer tough questions – what are we using the cloud for, where is our data moving to, and who has access?”
“Skyhigh gives us the visibility we need to monitor web service usage, block high-risk services and coach users to enterprise-ready alternatives.”
“Once you have populated the Skyhigh dashboard, you can have an intelligent conversation with the businesses and get back into the power seat of being an enabler.”
“Cloud governance is about more than visibility. With Skyhigh, we’re creating and enforcing policies that work not only for our employees but also for IT.”
Prevent data leakage via unmanaged services
Skyhigh enforces data loss prevention policies across data bound for unmanaged cloud services in real time. Skyhigh DLP policies support rules based on keywords, data identifiers, user groups, and regular expressions. Enforcement actions include coach user, block, and notify administrator.
Detect cloud-based threats
Skyhigh captures a comprehensive audit trail of all user activity across cloud services for post-incident investigations and forensics. Leveraging user and entity behavior analytics (UEBA), Skyhigh then analyzes cloud usage and identifies patterns indicative of security breaches, insider threats, and malware exfiltrating data from on-premises systems via unmanaged cloud services. Skyhigh also integrates with threat intelligence feeds to identify data bound to IP destinations associated with spyware, phishing, and botnets.
Skyhigh is the #1 CASB
Breadth of Functionality
Only CASB to provide DLP, threat protection, access control, and structured data encryption.
Breadth of Coverage
Only CASB to cover all users across all devices and support all cloud services, including custom apps on IaaS.
Only CASB that scales to support 2 billion cloud transactions per day at the world's largest global enterprises
Only CASB that is FedRAMP compliant, ISO 27001/27018 certified, and stores no customer data in our cloud.