REVIEW: Skyhigh aims to identify what cloud services are in use and by whom, while helping to tame the onslaught of these platforms as well as secure and control authorized services.
As more business turn toward the cloud for applications and services, many are beginning to experience what is referred to as "shadow IT
," a set of services and applications that are beyond the knowledge and control of corporate IT.
For some business units, the concept of shadow IT sounds like a viable solution to their IT request problems. However, shadow IT brings with it significant risks, such as lack of governance, compliance violations, policy violations and the potential loss of intellectual property.
Ironically, business managers try to justify "shadow IT" with the claim that it eliminates the need for costly corporate IT support. Yet there is such a serious danger of shadow IT causing even more costly security and compliance problems that corporate IT must get involved. Skyhigh
is one of those tools corporate IT executives use to discover how big a problem shadow IT is in their organization. Then they can implement policies to bring it under control.
What's more, Skyhigh functions as a resource to calculate the ROI of cloud services, showing whether or not a particular service is economically viable for a particular business need, thanks to the service's instant analysis capability. Then Skyhigh returns control of services back to IT, by incorporating a zero footprint click control feature, which can authorize or block access to cloud services based upon policy controls.
A Closer Look at Skyhigh
Let's start with the good news. Skyhigh is a cloud-based service that requires little in the form of installation, dedicated hardware or configuration. But here is the bad news, Skyhigh is a cloud-based service that resides out on the Internet and requires access to your egress device log files to function.
However, both the good news and the bad news are subjective and depend on how the network is implemented and managed. For example, if the target network is for a multinational company, then access by a service across international borders or use of foreign data centers can become a compliance violation. On the other hand, distributed networks that already use cloud services should have no worries with using Skyhigh.
As a hosted service, configuration proves to be quite easy; it just comes down to providing the service with access to the various logs that track the traffic on the network. The Skyhigh platform then analyzes the log information and creates extensive analytical reports that provide insight into the cloud services that are connected to the network.
Service discovery is part of the analytics process that Skyhigh performs and gives detailed information about what Web services are in use, by whom and when. That information can be presented via drill-down screens, reports or as a combination of visual and text references that make it simple to identify if those services violate company policy, are high risk or are a threat to compliance or potential avenues for intrusions or data compromise.
Skyhigh is founded on the concept of discovery, in other words knowing what is happening on the network—at least as far as cloud services are concerned. The very concept of stealth IT has introduced hundreds, if not thousands, of cloud-based applications to the corporate network, including the more obvious applications such as Box.net, Dropbox.com and many others.
Skyhigh does an excellent job of discovering what cloud applications are actually running. While testing the product, I was able to discover dozens of cloud applications running on the test network, many of which I had forgotten about or had not even realized that they had been implemented on the network. With that in mind, Skyhigh becomes a very powerful tool to prevent data leakage and maintain compliance.