Q&A: Skyhigh Networks CEO On Why Cloud Access Security Brokerage Is The Market To Watch

A Growing Space

2015 was a busy year for the budding cloud access security brokerage (CASB) market. As cloud continues to gain traction in the enterprise, companies such as Skyhigh Networks that focus on the CASB space are starting to gain serious traction with partners and customers that are looking to secure their moves off premise. As a result, you also some big-name vendors starting to jump in the space, with Cisco, Blue Coat and Microsoft having made acquisitions during the year. CRN recently sat down with Skyhigh Networks CEO Rajiv Gupta (pictured). Take a look at what he had to say about the growth he's seeing in the market, the maturity of the cloud security model and if Skyhigh will join the list of acquired CASB vendors anytime soon.

What were some of the big milestones from 2015 for Skyhigh Networks?

For us, there are milestones in multiple categories. One milestone is the growth – we’ve been on the proverbial hockey stick in terms of number of customers, types of customers and in terms of partners. The other one is in terms of technology and capability. One of the milestones for us in 2015 was we were granted a patent … for terminal-enabling a mobile-to-cloud interaction ... The whole mobile to cloud was a little held back, but what this patent does, what this solution allows you to do, is take a virgin device … without you requiring to VPN in or download an agent, your traffic will go through Skyhigh if you’re a Skyhigh customer … That core capability that we enabled, that we got a patent for, when we look back over time we will see that that was a really important capability in enabling the unfettered compliant and secure mobile-to-cloud interaction.

Do you see growing maturity around the CASB market?

Absolutely. In fact, the other indication of the maturing of the CASB market and the broader understanding by customers that they have a need for this was the growth in inbound RFPs from massive multinational companies, $100 billion and above. They are now producing RFPs for CASB. The growth from the first quarter of last year to the third quarter last year was an 8x in terms of inbound RFPs from these companies. It is a maturation of the industry’s appreciation for the role the CASBs play in the movement to the cloud.

Are you seeing that same maturity in the channel as well?

The growth is massive. Our growth and sales through the partners, from the beginning of the year to the end of the year, increased by a factor of 2.5x. I think it’s the right trajectory. We will see more of that as well … in terms of the amount of business that came in through partners that was partner generated, not only partner fulfilled, but also the breadth of the use cases …That’s telling me something about the maturation of the customer … but it’s also telling me something about the maturation of the partners’ capabilities themselves as they have to able to understand to participate, add value and be more involved in a richer set of use cases. We’re seeing that significantly in the partner ecosystem.

What impact do all the recent breaches have on that maturity?

The need for security becomes higher. The role security plays in both enabling that system of record plays in allowing that system of record to move on premise to the cloud, or conversely the concern of security that still inhibits the system of record from moving from on premise to the cloud. A number of these breaches, like for example the breach at the Office of Personnel Management … that was, for a number of folks, a wakeup call. We thought keeping this information on premise was more secure than in the cloud. But, think about it: Can we really invest as much as Microsoft or Salesforce does around security? ... The mindshift is starting to happen [where companies realize] having data in a cloud service provider is more secure than trying to maintain it behind my four walls. Some of these breaches have been instrumental in helping turn the tide in terms of security being a reason to move to the cloud, rather than a reason not to move to the cloud.

We're seeing more types of breaches – ideological and others – does that raise the need for cloud-type of solutions for security?

That's exactly right. The attack surface is increasing, now it's not just the financial information. It's my HR information, my critical infrastructure, a bunch of different things. The other part is that the attacker's motivations are more diverse: there is ideological, financial, so on and so forth … It's absolutely driving to faster cloud adoption. We are seeing CISOs who were otherwise resistant to the cloud now turning around and becoming the biggest advocates of it. In some aspects, it's because there is a recognition that they cannot invest as much as these cloud service providers can. In some aspects, it's also because it's something as mundane as recruiting people, that kind of talent of security professionals to do what I need to get done. I think what you'll start to see more and more is a highlighting of the shared responsibility in the cloud service provider and the enterprise. You'll see that becoming more explicit and more overt.

How is the tone of the CISO changing in regard to security threats?

I think there's a recognition on the part of the security communities that none of us are safe anymore in some sense. I don't want to sound alarmist … but now we're finding that because the whole cyberthreat and cyberterrorism tools have become commoditized … Where earlier I could hide under a perception of anonymity, I'm too small for people to attack me, now that veneer is gone. All of us are open targets. That's been another reason why we're seeing a number of these security organizations of companies who initially thought they were under the radar; now they're recognizing that there's no such thing as being under the radar anymore. Once you get the wakeup call and you realize that if you're attacked, it's going to be in some cases even (a) career limiting incident, then a lot of the biases that you may have about the cloud go away … I don't say that is universal, but I think you will see more of that in the future.

What is the effect on the CASB market as cloud starts to really hit its stride in the market?

Cloud security is the fastest growing [market] … As the move to cloud ... grows in strength, the need for the companies like Skyhigh to enhance the security and to make sure that the specific requirements of visibility, threat protection, compliance, data security are met as they use a cloud service grows. As they use more cloud services, the enterprise needs to have a consistent set of visibility and controls so they don't have to worry about point solutions for each particular providers … Those are the kinds of functions and capabilities ... that a company like Skyhigh provides. The need for these types of solutions (is) increasing … both in terms of application but also in terms of the kinds of functions that they look to us to provide.

We saw a bunch of CASB acquisitions in 2015. Do you think we will see more consolidation in 2016?

I think so … The space is growing so fast that the big vendors haven't had the time to build this capability organically. Now, they're looking and saying "Do I have the time?" It's not going away, it's not a flash in the pan and it's only going to increase in terms of size … "Do I have the luxury of time and market to build it from scratch? Or do I need to build it inorganically?" I think you will see more acquisitions because there are many cloud security companies and they are all recognizing that cloud security is a big category that they cannot ignore … We've also seen in the past that the fourth player, the fifth player get acquired and the companies that stay their ground and have the momentum and customer traction and the technology, people, process and market share who stay the course, they reap unfair benefits. That happened with email security, firewalls, and proxies. It will happen here again. We've seen Adallom and Lancope acquired. They were not the leaders in the space … History is a reasonable indication of what could happen … The one or two or three who stay the course will reap the benefits.

Will Skyhigh get acquired, as others have in 2015?

My focus is on building a successful company. It is on addressing customer needs. It is on anticipating and innovating and working with customers. That's my focus. I firmly believe that we were focused on understanding, making (security) visible and addressing this need. My focus stays in terms of making customers successful, enabling the cloud economy and enterprises to avoid the perils of cloud and allow them to leverage the promise of cloud. That hasn't changed. That won't change. That is my primary driver. In terms of acquisition, I don't spend my time and attention worrying about those things … My focus is on enabling that new control point. Today we are delivering that. We have the largest mindshare and market share ... and that is my goal: to both help people understand the need and (have the) most compelling platform that addresses the need of the control point.

What else can we expect from Skyhigh Networks in 2016?

If you think about technology and capability, we have a roadmap that is so rich that my concern is: How do we make sure that we prioritize that and focus on the most important things? … You'll see us add more functional [capabilities] on the platform, both those ones that we have developed ourselves, but you'll also see us add [third-party integration partners] on that platform. ... You'll see us add more and more services in terms of the number of services that we can address in a broad sense, but also add to the number of services that we can address in a very deep sense, such as Office 365 ... We will work more deeply with partners and provide them with more of those package solutions and best practices in a form that they can quickly leverage and recur. Then, in specific areas, both geographically and in a vertical industry, we will be adding more partners. The bottom line is: I firmly believe that we can be successful on our own, but we can truly be impactful only with partners. To me, partners are fundamental to our success.