We Take Security Seriously
A cloud security solution is a critical component of your IT infrastructure. It controls how employees, contractors, partners and customers gain access to cloud services.
Skyhigh is designed from the ground up to help you meet your security and compliance needs and to be the enterprise-grade service you can trust.
Skyhigh has invested heavily to provide an enterprise-grade service. Those investments include:
- ISO 27001 certification
- ISO 27018 certification
- FedRAMP compliance
- Transparency of controls and compliance
- Operations and Data
- Security expertise & oversight
- Independent Penetration & vulnerability testing
1. ISO 27001 certification
One of the most robust certifications a cloud provider can attain is ISO 27001 certification. Attaining ISO certification is a reflection of our commitment to security across multiple functions. We’re proud to be the first cloud access security broker to attain certification and join the 4% of cloud providers who have gone through this extensive validation process.
2. ISO 27018 certified
ISO 27018 is the first standard to outline globally accepted guidelines for protecting PII used and stored in cloud services. Adherence to the standard requires a high level of sophistication in the handling of PII and a significant commitment of time and resources to the rigorous process.
ISO 27018 assures customers that sensitive data will be protected in several distinct ways:
- Control: Customers control how their data is used by the cloud provider
- Transparency: Disclosure of policies relating to third party access, data residency and the return, transfer, and deletion of PII
- Investigation: The prompt and thorough examination of any breach that may have led to the loss of sensitive customer information
- Communication: Notification of all security incidents and law enforcement requests
- Compliance: Yearly third party audits of the on-going conformance to standard guidelines
3. FedRAMP compliance
FedRAMP is considered one of the most stringent security assessments, and McAfee is the first and only Cloud Access Security Broker (CASB) to achieve FedRAMP compliance. As part of the accreditation process, a Third Party Accreditation Organization (3PAO) assessed McAfee across a range of controls and categorized us as a moderate impact-level service.
4. Transparency of controls and compliance
5. EU-U.S. and Swiss-U.S. Privacy Shield
McAfee is a member of the Privacy Shield program designed by the U.S. Department of Commerce and the European Commission and Swiss Administration to provide a mechanism to comply with data protection requirements when transferring personal data from the EU and Switzerland to the United States.
Interested parties can learn more and look up organizations that have signed up to the scheme here: https://www.privacyshield.gov/welcome
6. We Self-Certify Compliance with:
7. Operations and Data
McAfee Operations partners with trusted industry leaders like Equinix and XO Communications to provide a secure, performant, highly available infrastructure. Access to infrastructure is closely controlled and limited to trusted senior team members. Two-factor authentication and IPSec VPNs ensure strong authentication and encryption of data.
8. Security expertise & oversight
Our service was built by a team with a proven track record in enterprise security. Prior to founding McAfee, the team was responsible at Cisco for products that enable customers to administer, enforce, and audit standards-based, consistent access policies across the IT stack. The team delivered the Identity Services Engine, a product that won the coveted Pioneer Award in Cisco and is considered to be a game changer for Cisco.
9. Independent penetration & vulnerability testing
While we audit ourselves continually, we remember Richard Feynman’s principle: “you must not fool yourself, and you are the easiest person to fool.” Accordingly, major software releases are heavily audited by a 3rd party (Data Theorem), at least twice a year.