The Cloud Security Challenge

The cloud is having a measurable impact on business. According to a Vanson Bourne study, companies taking advantage of cloud services experienced a 15% reduction in IT spending, a 21% reduction in time to market, and an 18% increase in employee productivity. However, sensitive data in the cloud is now a target for cyber criminals, and cloud services can be used in a cyber attack as a vector to exfiltrate data. That’s why, according to Gartner, 25% of companies will deploy a cloud security software solution by 2016. That’s up from 1% who had such a solution in 2012. There are two sides to the cloud security challenge: 1) securing employee usage of cloud services they bring into the workplace and 2) securing the usage of cloud services that are sanctioned by the company.

When employees bring cloud services to work without the knowledge of the IT department, they create a parallel technology stack unknown to the company called “shadow IT”. As a result, IT teams often underestimate the scope of cloud usage by a factor of ten, and cannot enforce corporate security policies or identify and respond to security incidents. On the other side of the cloud dilemma, IT organizations require additional controls to extend corporate security policies to sanctioned cloud services procured by IT. Specifically, they need to protect data from breaches and blind subpoenas, comply with regulatory requirements, enforce governance policies, and detect compromised accounts and insider threats.

Enable the Cloud Adoption Lifecycle

The Skyhigh Cloud Security Platform supports the entire cloud adoption lifecycle for shadow IT and sanctioned IT, providing unparalleled visibility, usage analytics, and policy enforcement. With Skyhigh you can empower employees to use cloud services that help grow the business while seamlessly enforcing your organization’s data security, compliance, and governance policies.


Understand the scope of cloud usage within your company, including which cloud services are in use, their associated risk, and where sensitive data is stored.

  • Identify all Saas, PaaS, and IaaS services in use
  • Understand the risk of each service
  • Quantify and benchmark risk with peers
  • Standardize and consolidate subscriptions
  • Identify sensitive or regulated data in the cloud


Identify inconsistent policies across egress devices, detect security breaches, and consolidate services to lower costs and improve collaboration.

  • Remediate inconsistent cloud policy enforcement
  • Identify anomalies indicative of security breaches
  • Detect compromised accounts and insider threats
  • Capture a detailed audit trail of all user actions
  • Audit license utilization and reduce “shelfware”


Enforce security policies across all cloud services – whether shadow IT or sanctioned IT – to meet security, compliance, and governance requirements.

  • Enforce consistent policies with existing infrastructure
  • Coach employees to enterprise-ready services
  • Enforce access and collaboration control policies
  • Extend existing DLP policies to the cloud
  • Encrypt structured and unstructured data

How Skyhigh Helps

Skyhigh is a cloud access security broker (CASB) that helps organizations address both sides of the cloud data security challenge – shadow IT and sanctioned IT. Using Skyhigh, organizations get detailed cloud analytics to discover all cloud services in use including SaaS, PaaS, and IaaS. Skyhigh summarizes cloud usage, revealing which cloud services are in greatest demand by employees so IT can invest in those categories to support innovation and growth in the business. The solution provides an objective risk assessment for all cloud services, identifies anomalies indicative of data exfiltration, and quantifies overall risk to benchmark with peers.

As sensitive data moves to the cloud, IT needs to enforce corporate security policies to protect sensitive data. Skyhigh’s Cloud Security Platform supports a wide range of policy enforcement options, including coarse and granular access control, cloud encryption and tokenization, activity monitoring, and cloud data loss prevention. Integration and closed loop remediation with your existing firewalls and proxies, encryption key management, and data loss prevention software solutions enables you to extend your existing workflow and policies to data in the cloud to meet cloud governance and cloud compliance requirements. By meeting these requirements for sensitive data, you can embrace shadow IT and sanctioned IT usage and securely enable cloud services for all business units.