Skyhigh Compliance

Identify sensitive data in motion or at rest in cloud services and enforce data loss prevention policies to comply with industry regulations and internal policies

Download Solution Brief

Enforce data loss prevention policies for data at rest and in motion

Skyhigh provides a unified DLP policy engine, incident reporting, and remediation workflow for all cloud services. Skyhigh scans existing data in the cloud to identify policy violations and enforce policies retroactively. As users upload new data, Skyhigh enforces polices in real-time.

Granular DLP policies

Configure precise DLP policy rules using data identifiers for common data types (e.g. Social Security numbers, credit card numbers, etc.), file names, keywords, file sizes, file types, regular expressions that identify custom patterns (e.g. IP addresses, medical record numbers, etc.), third-party document classification tags, and user actions such as creating a link to share.

Enterprise-class remediation

Skyhigh reports on policy violations and can automatically perform remediation to protect data. Remediation actions can be tiered based on the severity of the violation and include: block upload, encrypt, quarantine, modify sharing permissions, revoke a shared link, and delete. End users are notified of violations and can self-report a potential false positive should it occur.

Download the Solution Brief

Download the Skyhigh Compliance solution brief for more information.

Download Now

Audit internal and external sharing

Skyhigh analyzes collaboration permissions within cloud-based file sharing services to internal departments, business partners, and personal emails. Visually browse data flows in aggregate or for specific types of sensitive data and review policy violations.

Collaboration policies

Skyhigh enforces collaboration policies based on domain whitelist/blacklist and document content. Remediation actions include educating users on acceptable sharing, modifying permissions to disable third-party editing while retaining access, and prohibiting third-party access.

Shared link policies

Shared links provide untraceable access to a file for anyone with the link, and are easily forwarded to third parties. Skyhigh enforces blanket shared link policies, or granular DLP policies using shared links as one rule in the policy. In response to a policy violation, Skyhigh can revoke a shared link.

“Skyhigh allows us to extend DLP outside the perimeter and into the cloud and the user experience is seamless.”

Mike Benson, Chief Information Officer

“We use Skyhigh to layer security controls like data loss prevention and access control for Box so that the easy path to collaboration is also the secure path.”

Tim Tompkins, Senior Director of Security Innovation

“Skyhigh lets us use Box to its full capability. We can see how our data is being used and if it is being shared with third parties.”

Jeff Haskill, Chief Information Security Officer

“Skyhigh helps us securely enable high-impact cloud services like Office 365 while ensuring data security and compliance with HIPAA and HITECH.”

Mark Dunkerley, Manager of Messaging, Mobile and Video Services

“With Skyhigh we were able to implement cloud security policies without impacting business user productivity.”

Brian Lillie, Chief Information Officer

Review DLP incidents from a unified interface

Security teams review DLP policy violations in Skyhigh for all cloud services via a unified policy violation interface showing the policy violated, user, file, severity, and outcome. Reviewers can filter violations to focus on high-priority incidents and potential false positives reported by end users.

Investigative drill-down

Compliance reviewers can drill down into violations by cloud service, policy type, department, user, and time frame to understand the full context of who did what when. Reviewers can analyze the original file that triggered the violation in its native format to understand the context of violation.

Complete remediation workflow

Skyhigh uses data identifiers purpose-built for DLP, rather than OEM search technology, leading to the most accurate DLP policy engine in the industry. Upon review, in the event a document does not violate a policy, a quarantine or revoked collaboration action can be rolled back to restore the file and permissions.


Get started quickly with DLP templates

Skyhigh provides out-of-the-box DLP policy templates for major industries and regulations including PCI DSS, HIPAA, HITECH, GLBA, SOX, CIPA, FISMA, and FERPA so you can start enforcing policies immediately.


Leverage existing DLP policies and workflow

Skyhigh integrates with leading DLP solutions from Symantec, EMC RSA, Intel McAfee, and Websense via ICAP. Leveraging policies configured in an on-premises DLP solution, Skyhigh can inspect data in the cloud, enforce a policy, and register the enforcement action in the DLP solution where the policy is managed with closed loop remediation.

Key Features

Cloud Data Loss Prevention

Enforces DLP policies based on data identifiers, keywords, and regular expressions and supports alerting, blocking, encrypting, tombstoning, and quarantining actions.

Next Generation DLP Engine

Provides a native cloud DLP engine designed for DLP, resulting in greater accuracy and fewer false positives/negatives than third-party engines built for search.

Multi-Tier Remediation

Provides multiple options including coach user, notify administrator, block, encrypt, quarantine, tombstone, and delete and enables tiered response based on severity.

Policy Violation Management

Offers a unified interface to review DLP violations, take manual action, and rollback an automatic remediation action to restore a file and its permissions.

Hit Highlighting

Displays an excerpt with content that triggered a violation to understand its context. Enterprises, not Skyhigh, store excerpts, meeting stringent privacy requirements.

Email Coaching

Delivers customizable email notifications to end users in response to policy violations to coach them on appropriate cloud usage.

Secure Collaboration

Enforces external sharing policies based on domain whitelist/blacklist and content and educates users on acceptable collaboration policies.

Pre-Built DLP Templates

Provides out-of-the-box DLP templates and a broad range of international data identifiers to help identify sensitive content such as PII, PHI, or IP.

Closed-Loop Policy Enforcement

Optionally leverages policies in on-premises DLP systems, enforce policies, and registers enforcement actions in the DLP system where the policy is managed.

Two Pass Assessment

Optionally performs a first pass DLP assessment in the cloud before downloading potential violations to an on-premises DLP system for evaluation and reporting.

Integration with On-Premises DLP

Provides integration and closed-loop remediation with existing on-premises DLP solutions such as Symantec, EMC RSA, Intel McAfee, and Websense.