Skyhigh Networks is filling the security gap in the cloud for Federal agencies with its Cloud Access Security Broker (CASB) solution, providing agencies with visibility, threat protection, compliance, and data security in the cloud.
Skyhigh Networks is the first, and only, CASB that is FedRAMP-compliant for government, allowing agencies to adopt Software-as-a-Service (SaaS) solutions. The company achieved FedRAMP certification in early May 2016.
“There are less than 100 companies worldwide that actually have this designation, which makes it all the more meaningful,” said Kevin M. Jones, the senior director of public sector at Skyhigh Networks. “When you distill down the reasons that Federal agencies are often reticent to embrace the cloud, it is because opacity equals risk. If we don’t know exactly where users are going and exactly what they are doing once they get there, this creates friction between the security team and users. Skyhigh is offering a comprehensive cloud security platform so that agencies can gain complete clarity into all activity and confidently embrace the cloud.”
Jones described the four key functions of Skyhigh Networks’ CASB solution as the following:
- Visibility: Helping customers understand what’s actually happening in their environments in the cloud from their organizational assets: iPads, phones, computers, etc.
- Threat protection: Understanding what constitutes normal behavior as well as what falls out of bounds of that behavior and would be considered anomalous, a big data approach to cloud security.
- Compliance and data loss prevention.
- Data security and encryption in the cloud.
Skyhigh Networks offers public, private, and hybrid cloud models. Customers choose the deployment options based on their use-case, data sensitivity, and regulatory requirements, Jones said.
The FedRAMP-compliant cloud security platform addresses agencies’ blind spots. “In general, the perception is that because an agency has a cloud policy and they couple that with next-generation firewall, proxy, and information and event management technologies, that these problems don’t exist,” Jones said. “Consistently, our assessments prove otherwise regardless of where in the government they’ve been performed. This is because the cloud is so incredibly porous and dynamic.”
Due to constantly changing technology demands, “individuals within an agency [are] using agency assets and consistently accessing cloud services that the agency is not aware of,” Jones said. “And we call that shadow IT.”
Recently, Skyhigh Networks assessed an agency and discovered more than 3,000 instances of unsanctioned cloud services the agency was unaware of. Agencies face challenges “to determine whether the services are actually being used…[And] how do we even know that our users are actually leveraging this solution that we’ve invested in?” Jones said. “These are the types of behaviors we’re helping agencies to understand, so they can better utilize their sanctioned IT investments.”
Skyhigh Networks uses a “leverage and extend” model to address shadow IT use in agencies. “Skyhigh Networks is not here to replace any existing technologies, rather we want to leverage those technologies and help extend their capabilities out to the cloud,” Jones said. “One way we do this is by working directly with existing agency technologies to close up any proxy leakage that we might discover. Through continuous monitoring of cloud usage and behavior, agencies can proactively inhibit data loss while safely enabling proper utilization.”
While Skyhigh Networks can automate most of this process, some agencies choose to make decisions within their security teams about blocking certain services, devices, etc. Jones explained that agencies may not want to shut down a service if agency information is currently being used in an unsanctioned cloud service.
Agencies should think in terms of creating “a partnership with their end-users” and initiating a “dialogue with these individuals to articulate why certain services should be blocked, and recommend a safer passage to services that would better safeguard government data,” Jones said.
Cloud migration is most successful when cloud security is brought into the conversation early on. “Too often, we find that comprehensive security is not built into the early cloud conversations,” Jones said. Agencies need to know upfront how they can address privilege sprawl, unauthorized data sharing, anomalous usage, and insider threats to protect their assets with Skyhigh Networks’ CASB offering.