The Next Next Big Thing

Skyhigh Data Security

Enforce data-centric security policies including encryption with your own keys, contextual access control, and digital rights management

Download Solution Brief

Encrypt data in the cloud using your keys

Skyhigh delivers end-to-end structured and unstructured data encryption using a multimode approach that protects data as it is uploaded to the cloud as well as data already stored in cloud services. Skyhigh provides superior protection by letting you own the encryption keys and integrates with KMIP-compliant key management solutions to extend existing key policies to the cloud.

Data uploaded in real time

Skyhigh seamlessly encrypts data in real time as users upload it to the cloud, ensuring cloud providers only store and have access to obfuscated data. As authenticated users view information in a cloud application or download a file, Skyhigh transparently decrypts data so that authorized users always see the clear text.

Existing data in the cloud

Many organization already have terabytes or petabytes of data stored in cloud services, which can include sensitive or regulated data. Skyhigh scans for sensitive content already stored in cloud services and retroactively encrypts it based on policy to meet security and compliance requirements.

Download the Solution Brief

Download the Skyhigh Data Security solution brief for more information.

Download Now

Enforce contextual access control policies

Skyhigh enforces granular permissions for activity within cloud services based on contextual factors such as the cloud service, user, device, attempted action, and location in addition to simple coarse-level policies to allow/block access.

Managed and unmanaged device policies

Skyhigh can enforce specific access control policies for unmanaged devices, such as allow view but block download. Skyhigh registers new devices attempting to access a cloud service and generates a unique device fingerprint, associating the device with a trusted user account. Skyhigh also integrates with MDM solutions to enforce access policies based on whether the device is whitelisted or has an MDM certificate installed.

Contextual authentication

Skyhigh integrates with identity providers and can force additional authentication steps to confirm user identity based on pre-defined access control policies. For example, Skyhigh can require multi-factor authentication when a user attempts to download a sensitive report from the company’s CRM or can force multi-factor authentication in the event of a suspected compromised account.

“Skyhigh helps us encrypt personally identifiable information in Salesforce using encryption keys we control while preserving searching and sorting functionality.”

Mike Bartholomy, Senior Manager, Information Security

“Skyhigh allows us to have more control over data security by adding an additional layer of protection beyond the typical cloud service provider can offer.”

Jenai Marinkovic, Chief Security Officer

“With Skyhigh we were able to implement cloud security policies without impacting business user productivity.”

Brian Lillie, Chief Information Officer

“Skyhigh helps us securely enable high-impact cloud services like Office 365 while ensuring data security and compliance with HIPAA and HITECH.”

Mark Dunkerley, Manager of Messaging, Mobile and Video Services

A user-centric approach to security

Skyhigh rejects the premise that security must compromise the native experience of cloud services that users love. Skyhigh has a patented approach that forms a seamless and persistent layer of data protection and real-time policy enforcement, for both employees and third party users, without any impact to how they access or use cloud services.

Function-friendly encryption

Working in conjunction with the industry’s first Cryptography Advisory Board, Skyhigh has developed several peer- and academia-reviewed advancements in structured and unstructured data encryption that maintain business-critical functions, such as searching and sorting, along with field-level formatting while still offering robust data protection.

No agents, no VPN, no new URLs

Skyhigh enforces real-time policies using a proxy that brokers traffic between the end user and cloud provider. Our patented Pervasive Cloud Control capability leverages SAML to seamlessly redirect the user session through the proxy, forming a persistent layer of protection for all users without agents, VPN, or changes to the URL.

Implement content-based DRM policies

Skyhigh integrates with digital rights management (DRM) solutions to apply granular file-level permissions such as copy, forward, print, and expiration. Skyhigh can apply rights management protection to files as they are downloaded from cloud services based on the content of the document and context of the activity.

Key Features

Security Policy Audit

Discovers current cloud application security settings and suggests modifications to improve security based on industry best practices.

Contextual Access Control

Enables on-premises and mobile access control policies based on user, device, activity, and geography with coarse blocking and granular view, edit, and download permissions.

Contextual Authentication

Forces additional authentication steps in real-time via integration with identity management solutions based on pre-defined access control policies.

Unmanaged Device Control

Enforces distinct access policies for managed and unmanaged devices by integrating with EMM/MDM solutions and registering and fingerprinting unmanaged devices.

Multimode Encryption

Identifies and encrypts existing data found in cloud services and transparently encrypts new data uploaded to the cloud in real time.

Structured Data Encryption

Applies standards-based AES or peer-reviewed, function-preserving encryption schemes to structured data using enterprise-controlled encryption keys.

Searchable Symmetric Encryption

Encrypts unstructured data and leverages advancements in encrypted search indexes to enable end-user search without compromising security.

Preservation of Application Functionality

Preserves end-user functions such as search, sort, and format using academia and peer-reviewed encryption schemes.

Information Rights Management

Defines a circle of trust for any document and enforces rights management policies through integration with IRM solutions.

Integration with Key Management Systems

Seamlessly integrates with your existing key management systems using KMIP to encrypt data with enterprise-controlled keys.

Integration with EMM/MDM

Integrates with enterprise mobility management solutions to enforce access control policies based on whitelisted devices and EMM certificates.

Seamless IDM Integration

Integrates with identity management (IDM) solutions, enabling pervasive and seamless policy enforcement and contextual authentication.