Cloud Security Broker Skyhigh Focuses On 'Deep' Auditing


Skyhigh Networks is among a growing number of security vendors hoping to capture a large share of the cloud data security market. CEO Rajiv Gupta believes Skyhigh is differentiating itself by focusing first on contextual access control and application auditing.

The company's new Skyhigh Secure product combines access control and application auditing features with encryption and data loss prevention. Gupta told CRN that the channel is showing interest in the capabilities offered by cloud security brokers, a new breed of security firm that has emerged to increase the protection of enterprise data residing in cloud Software-as-a-Service applications and hosted systems.

Other security firms have focused on securing data through the use of encryption or tokenization, offering DLP, auditing and malware protection, Gupta said. Skyhigh offers data encryption as well, but he said it is a small fraction of the company's overall business. Businesses either don't want to manage the encryption or don't have data that's sensitive enough to require it, Gupta said.


Skyhigh operates as a reverse proxy, enabling end users to use a browser from any location to tap into cloud services such as Box and Salesforce.com. Skyhigh handles authentication and access control for the enterprise, checking an end user's location and other factors to determine whether additional authentication challenges are needed. The reverse-proxy approach is particularly useful against the threat of man-in-the-middle attacks, which attempt to hijack a victim's session, Gupta said.

"We provide protection for a bunch of services without requiring a partnership or a footprint with the provider," Gupta said. "You cannot go around us; if you want to go into an account you have to authenticate yourself and there's no weakness in this particular reverse-proxy approach."

Gupta said the company also offers "deep" application granularity, which can tell whether an object is downloaded or moved. "We are independent of the back-end service," Gupta said. "If you have confidential data, knowing who is viewing it or downloading it is important."

Some channel providers are having success with Skyhigh's risk discovery capabilities, which can scan a corporate network to determine the breadth of cloud-based services that employees are using. Chad Cardenas, vice president of business development and new technology integration at Irvine, Calif.-based Trace3, a Skyhigh partner, said Trace3's initial experience with Skyhigh has been with the risk discovery report.

"Seeing the extent of cloud services within an organization is an eye-opener and, when you dig into the details and see the risk rating of each of those services, it gives us ground to enable a broader discussion about security," Cardenas said. "This is a way for us to attach ourselves to those conversations and be a strategic part of cloud migrations and cloud security."

Identity management and access control projects can be costly and lengthy, making Skyhigh a lightweight approach to addressing cloud authentication, said Wendy Nather, research director at the 451 Group, an IT research firm.

"There will be more enterprises that have no idea what cloud services their employees are using and are desperate to get control of it," Nather said. "From that perspective, I would guess that the most important functions will be access control and usage logging."

PUBLISHED AUG. 19, 2013