Data uploaded in real time
Skyhigh seamlessly encrypts data in real time as users upload it to the cloud, ensuring cloud providers only store and have access to obfuscated data. As authenticated users view information in a cloud application or download a file, Skyhigh transparently decrypts data so that authorized users always see the clear text.
Existing data in the cloud
Many organization already have terabytes or petabytes of data stored in cloud services, which can include sensitive or regulated data. Skyhigh scans for sensitive content already stored in cloud services and retroactively encrypts it based on policy to meet security and compliance requirements.
Enforce contextual access control policies
Skyhigh enforces granular permissions for activity within cloud services based on contextual factors such as the cloud service, user, device, attempted action, and location in addition to simple coarse-level policies to allow/block access.
Managed and unmanaged device policies
Skyhigh can enforce specific access control policies for unmanaged devices, such as allow view but block download. Skyhigh registers new devices attempting to access a cloud service and generates a unique device fingerprint, associating the device with a trusted user account. Skyhigh also integrates with MDM solutions to enforce access policies based on whether the device is whitelisted or has an MDM certificate installed.
Skyhigh integrates with identity providers and can force additional authentication steps to confirm user identity based on pre-defined access control policies. For example, Skyhigh can require multi-factor authentication when a user attempts to download a sensitive report from the company’s CRM or can force multi-factor authentication in the event of a suspected compromised account.
“Skyhigh helps us encrypt personally identifiable information in Salesforce using encryption keys we control while preserving searching and sorting functionality.”
“Skyhigh allows us to have more control over data security by adding an additional layer of protection beyond the typical cloud service provider can offer.”
“With Skyhigh we were able to implement cloud security policies without impacting business user productivity.”
“Skyhigh helps us securely enable high-impact cloud services like Office 365 while ensuring data security and compliance with HIPAA and HITECH.”
A user-centric approach to security
Skyhigh rejects the premise that security must compromise the native experience of cloud services that users love. Skyhigh has a patented approach that forms a seamless and persistent layer of data protection and real-time policy enforcement, for both employees and third party users, without any impact to how they access or use cloud services.
Working in conjunction with the industry’s first Cryptography Advisory Board, Skyhigh has developed several peer- and academia-reviewed advancements in structured and unstructured data encryption that maintain business-critical functions, such as searching and sorting, along with field-level formatting while still offering robust data protection.
No agents, no VPN, no new URLs
Skyhigh enforces real-time policies using a proxy that brokers traffic between the end user and cloud provider. Our patented Pervasive Cloud Control capability leverages SAML to seamlessly redirect the user session through the proxy, forming a persistent layer of protection for all users without agents, VPN, or changes to the URL.
Implement content-based DRM policies
Skyhigh integrates with digital rights management (DRM) solutions to apply granular file-level permissions such as copy, forward, print, and expiration. Skyhigh can apply rights management protection to files as they are downloaded from cloud services based on the content of the document and context of the activity.