Skyhigh Brings Order to Cloud With Advanced Control Techniques
Naturally, the problem of stealth IT goes beyond basic cloud applications, such as file-sharing services and social networking. Many companies are discovering that employees are using services such as Google Apps, Zoho, Gmail, Workday and so on. While those applications may have legitimate uses, IT still needs to know if any corporate (or intellectual property) data is being stored or transmitted across those services. Simply put, a document stored on Google Docs that contains corporate information may very well violate compliance policies. Although the violation is not intentional, it is still something that may turn up in an audit, resulting in a fine. If IT is aware of those hosted services or Web apps, then IT can properly educate users on what falls within company guidelines and policies, preventing what could be a major compliance violation or security breach. Nevertheless, discovery is only part of the Skyhigh story. Analytics also plays a major role in what Skyhigh can bring to a business. For example, I was able to run several reports that not only offered traffic trending information, but also the details required to execute forensics. The drill-down methodology offered by the reporting capabilities allowed me to delve deeper into a service and find out whether or not it was blocked or accessed, when and by whom.What's more, the analytical capabilities allowed me to discover anomalies in access. For example, if a service such as SourceForge or Dropbox is rarely used and then spikes in usage, it shows up as an anomaly, allowing me to investigate what exactly is happening—such as someone sending source code or large customer lists outside of the network. Another capability worth mentioning is the ability to enforce encryption, certificate use and other methods of protecting data while it's in motion. For those organizations that leverage Web services as part of their line of business capabilities, the importance of encryption cannot be stressed enough. Skyhigh, as part of its ability to control services, is able to enforce key usage or certificate policies. The product accomplishes that by aliasing the domain, meaning that traffic meant for the service must pass through another step, before arriving at its intended destination. That is where the encryption/key policy enforcement can take place. This proves to be a simple solution to what many view as a complex problem. All things considered, Skyhigh accomplishes the goal of taming and securing Web services, while combating the ills of shadow IT. What's more, Skyhigh is a zero footprint service, meaning that no investments in hardware, additional software or other ancillary items are needed, making it very easy to calculate the true costs and risks of unfettered Web access.
Of course, monitoring and identifying Web applications is only part of a viable security tool; one must be able to react to the possible threats that some of the services may contain. Here, Skyhigh uses policies to generate scripts that can be inserted into egress devices, which can block Web apps. I was able to quickly and easily define rules to prevent access to Facebook, Twitter, Google APIs and so on. The ability to block access proved to be a critical methodology for combating shadow IT and maintaining compliance.