Enterprises are shifting more and more of their business onto cheap, scalable Infrastructure-as-a-Service (IaaS) clouds. To oversee and secure all of the complex array of applications, data, and services migrating to the cloud, IT and security teams are increasingly turning to Cloud Access Security Broker (CASB) platforms. Ahead of this year's RSA security conference, CASB platform provider Skyhigh Networks today announced "Skyhigh for Custom Apps" and "Skyhigh for IaaS," extensions of Skyhigh's CASB technology that let enterprises manage all of the custom apps deployed across public cloud from a single control point.
The Skyhigh Networks CASB platform is a cloud-based platform from which IT can configure access privileges, manage identity, and enforce endpoint security policies and encryption for every Software-as-a-Service (SaaS) app that makes up an enterprise's app stack. At the RSA security conference this year, Skyhigh Networks CEO Rajiv Gupta said the company will demonstrate a major extension of its CASB platform to cover every app an enterprise has running on public cloud infrastructure, as well as to provide audit trails and security recommendations for Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
"From a company perspective, this is as big of a launch for us as when we defined the CASB market in the first place," said Gupta. "We're taking this control point we created that can handle thousands of SaaS services and now enabling enterprises to use it to set DLP [data loss prevention] policies, insider threat policies, privileged access, and more—consistently across your hundreds of thousands of custom apps written and deployed around the world."
Gupta described the CASB platform extension as a self-service experience that allows IT and security teams to onboard their own services running on AWS, Azure, GCP, or other public clouds. Skyhigh works the same way with SaaS services: integrating directly with the application programming interface (API) so that the added security, compliance, and data governance measures don't add more friction for the user.
Skyhigh for Custom Apps gives IT a real-time dashboard of user activity across deployed apps. The dashboard also lets administrators configure custom compliance and data access control policies across apps and user permission levels, along with managing data access to Bring-Your-Own-Device (BYOD) devices and ensuring end-to-end data encryption. The features in Skyhigh for IaaS add audit trail and compliance recommendations for the specific cloud infrastructure on which enterprise apps are running and identifies inactive accounts.
"The way we give the enterprise visibility is through analytics," said Gupta. "We gather the logs off your existing firewalls and proxies, look at that data, and give the CIO or infosec team a useful cross-section of what's happening, what security risks exist, etc."
Inside Skyhigh's CASB Platform
Gupta explained how Skyhigh's CASB platform works on two levels: it gives enterprises a single access point from which to oversee all of the SaaS services they're adopting as well as the IaaS apps they're hosting on cloud platforms. At the same time, it's designed to shine a light on shadow IT practices within an organization. According to Gupta, a CASB platform gives IT greater visibility into all of the cloud-based apps and services connected to the corporate network, and then collects data and real-time analytics to help IT enforce security and compliance policies, without adding friction for users.
"We want to enable the organization to use all the appropriate SaaS services, be it Salesforce or Box, or the biggest runaway train by a country mile lately has been Office 365," said Gupta. "We're also starting to see Slack adoption really rev up."
Company Dossier Name: Skyhigh NetworksFounders: CEO Rajiv Gupta, CTO Kaushik Narayan, SVP of Engineering Sekhar SarukkaiHQ: Silicon ValleyEmployees: 300-plusIncorporated: 2012Exited Stealth: 2013What They Do: Cloud Access Security Broker (CASB)What That Means: A single control point from which IT can manage access, compliance, and security for all of the SaaS and IaaS apps an enterprise has deployed.Funding: $118 millionMain Backers: Sequoia Capital, Greylock Partners, Thomvest VenturesCustomer Base: 600-plus customers; more than 40 percent of Fortune 500
"In the context of all these services my organization wants to sanction, we want to make it easy to adopt that service while making sure the security controls are there, and configure policies for different types of users and departments," Gupta continued. "So, in a file sync and share service like Box, we're looking for potential threats and compliance violations, and also setting up DLP from a single control point to be enforced wherever that data goes—whether it's Salesforce or Office 365. We also want to set policies for marketing, sales, finance, etc. For instance, based on whether they're accessing an app from behind or outside the firewall, we might let an employee access their corporate email but not let them sync files if it's on a personal device."
Skyhigh came out of stealth to launch its CASB platform in 2013. As the IaaS and SaaS markets continue to grow at a healthy clip, the CASB space has grown far more competitive. Notable players include Adallom (acquired by Microsoft), CipherCloud, CloudLock (acquired by Cisco), IBM Cloud Security Enforcer, Imperva Skyfence, Palerra (acquired by Oracle), among others. Gupta said CASB is sometimes referred to as a "virtual cloud edge" but he likens that analogy to calling a car "a horseless carriage." It's putting new technology in the context of a previous way of thinking.
"As a security team, we need to empower our lines of business to get our jobs done. The analogy I think about is security in some senses like brakes on a car," said Gupta. "If your mindset is that the brakes are there to slow you down, that's how you'll drive. The brakes are also there to help you go faster without worrying. As a CISO, the brakes your security team is putting in are there to help the business be more agile, more cost-efficient, etc. Your job is to make sure you're enabling cloud while making sure the controls are there for security and privacy on a massive scale. And then we enforce those policies in the cloud app running in AWS, without the developers ever touching the code."