What is most valuable?
The most valuable feature of Skyhigh networks is the capability of giving an overview of all active cloud services on our network. Skyhigh analyzes syslog data from our firewall, and returns a report of the cloud service usage on our network. In other words, this takes the 'shadow' out of Shadow IT. It sheds some light on the current situation.
The report returned by Skyhigh not only shows which cloud services are in use, but also gives each individual cloud service a risk assessment in terms of risks associated with the service. The categories are Data Risk, User Risk, Legal Risk and Business Risk. With this overview of the associated risk for cloud services on our network, we can make some very conscious decisions about how we want to shape which services are used on the network. We can make sure that we offer safe alternatives to the services already in use. We want all our users to use cloud services, so that we can stay agile and flexible, but we also want to make sure we don't take any unnecessary risk.
Skyhigh furthers the protection of our sanctioned cloud services. Once we make a decision on which services we feel are a good match for our company, we can add extra protection to those services in the form of monitoring and threat prevention. Skyhigh can make sure that all data we put in our sanctioned cloud service is compliant with our company policy as well, as industry regulations. In other words, if one of our users accidentally puts data in the cloud that isn't compliant, we can remove this data before it causes problems. This is a win for our users and the company as a whole.
Skyhigh also monitors the usage of our sanctioned cloud services. They can spot any abnormal activity, such as users logging in from several different countries in a short period of time, or other suspicious activity.
How has it helped my organization?
We now have a good conscious about using Cloud services. Without an overview, you can only imagine what is going on. With monitoring, analysis and threat prevention, we know exactly what is going on and can prevent activity that we deem unacceptable or creates unnecessary risk. We have a much better overview of where our data is, both in terms of which service, but also in terms of geographical location.
What needs improvement?
The Web UI is still not quite as responsive as we would like. However, in praise of Skyhigh, they have taken this feedback into account. This is their biggest focus area for next major release.
For how long have I used the solution?
I have been using it for one year.
What do I think about the stability of the solution?
In version 2.7, we had a few issues. However, none of these were major, and they were usually fixable within a very short period of time.
What do I think about the scalability of the solution?
We have been able to provide Skyhigh solutions for customers of single office companies, as well as larger global companies, without any issues.
How is customer service and technical support?
Technical support was very good. Our partnership with Skyhigh is extremely close, and their incident response is sublime.
How was the initial setup?
The initial setup is quite easy. You must provide a log sample to Skyhigh, who then make sure their log parser is specifically suited to the customer. Once you have received a tenant, and the parser has been created by Skyhigh, the setup takes approximately one hour.
What's my experience with pricing, setup cost, and licensing?
The Skyhigh licensing model is based on the number of subscriptions of administrative users on the network. There are two separate licenses: Discovery and Secure.
Discovery gives the overview of which Cloud services and on your network. Secure protects your sanctioned Cloud services. We have chosen both, but there is nothing limiting you from running either of the two licenses separately.
If you are currently using a sanctioned Cloud service, then we recommend getting both licenses (Secure and Discover). However, if your company doesn't have an official Cloud service in use, then we recommend only purchasing the Discover license. You can always purchase the Secure license at a later time, if your situation happens to change.
Which other solutions did I evaluate?
We are a consultancy company that wants to get into the CASB area. We did very thorough research on the products that were on the market. We have done this on an ongoing basis to check on the competition. We researched Netskope, Aperture and Elastica thoroughly, before concluding that Skyhigh is the most mature and feature-rich product.
One of the biggest factors in choosing Skyhigh was that Skyhigh integrates with your current infrastructure, rather than adding another agent or needing to send all traffic through a proxy. This simplifies setup, as well as ensuring that the product does not cause bottlenecks. It just adds value to your already existing security infrastructure.
What other advice do I have?
Be prepared to involve management and your HR department. The data presented by Skyhigh, will most likely warrant change, both in terms of company culture, as well as adding restrictions to company policy. Once you have discussed policies and compliance, create some automation flows or workflows to ensure that all unwanted services or risk attributes are added to the block list on a regular basis.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are partners with Skyhigh Networks.
Dec 12 2016