Skyhigh Rolls Out Custom Enterprise App Security for Public Clouds
Enterprises are shifting more and more of their business onto cheap, scalable Infrastructure-as-a-Service (IaaS) clouds. To oversee and secure all of the complex array of applications, data, and services migrating to the cloud, IT and security teams are increasingly turning to Cloud Access Security Broker (CASB) platforms. Ahead of this year's RSA security conference, CASB platform provider Skyhigh Networks today announced "Skyhigh for Custom Apps" and "Skyhigh for IaaS," extensions of Skyhigh's CASB technology that let enterprises manage all of the custom apps deployed across public cloud from a single control point.
The Skyhigh Networks CASB platform is a cloud-based platform from which IT can configure access privileges, manage identity, and enforce endpoint security policies and encryption for every Software-as-a-Service (SaaS) app that makes up an enterprise's app stack. At the RSA security conference this year, Skyhigh Networks CEO Rajiv Gupta said the company will demonstrate a major extension of its CASB platform to cover every app an enterprise has running on public cloud infrastructure, as well as to provide audit trails and security recommendations for Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
Gupta described the CASB platform extension as a self-service experience that allows IT and security teams to onboard their own services running on AWS, Azure, GCP, or other public clouds. Skyhigh works the same way with SaaS services: integrating directly with the application programming interface (API) so that the added security, compliance, and data governance measures don't add more friction for the user.
Skyhigh for Custom Apps gives IT a real-time dashboard of user activity across deployed apps. The dashboard also lets administrators configure custom compliance and data access control policies across apps and user permission levels, along with managing data access to Bring-Your-Own-Device (BYOD) devices and ensuring end-to-end data encryption. The features in Skyhigh for IaaS add audit trail and compliance recommendations for the specific cloud infrastructure on which enterprise apps are running and identifies inactive accounts.
"The way we give the enterprise visibility is through analytics," said Gupta. "We gather the logs off your existing firewalls and proxies, look at that data, and give the CIO or infosec team a useful cross-section of what's happening, what security risks exist, etc."
Inside Skyhigh's CASB Platform
Gupta explained how Skyhigh's CASB platform works on two levels: it gives enterprises a single access point from which to oversee all of the SaaS services they're adopting as well as the IaaS apps they're hosting on cloud platforms. At the same time, it's designed to shine a light on shadow IT practices within an organization. According to Gupta, a CASB platform gives IT greater visibility into all of the cloud-based apps and services connected to the corporate network, and then collects data and real-time analytics to help IT enforce security and compliance policies, without adding friction for users.
"We want to enable the organization to use all the appropriate SaaS services, be it Salesforce or Box, or the biggest runaway train by a country mile lately has been Office 365," said Gupta. "We're also starting to see Slack adoption really rev up."
"In the context of all these services my organization wants to sanction, we want to make it easy to adopt that service while making sure the security controls are there, and configure policies for different types of users and departments," Gupta continued. "So, in a file sync and share service like Box, we're looking for potential threats and compliance violations, and also setting up DLP from a single control point to be enforced wherever that data goes—whether it's Salesforce or Office 365. We also want to set policies for marketing, sales, finance, etc. For instance, based on whether they're accessing an app from behind or outside the firewall, we might let an employee access their corporate email but not let them sync files if it's on a personal device."