We just raised a $30M Series A: Read our story

McAfee MVISION Cloud OverviewUNIXBusinessApplication

McAfee MVISION Cloud is the #6 ranked solution in our list of CASB solutions. It is most often compared to Netskope CASB: McAfee MVISION Cloud vs Netskope CASB

What is McAfee MVISION Cloud?

Skyhigh is the leading cloud access security broker (CASB) trusted by over 500 enterprises to securely enable over 16,000 cloud services, including shadow IT and sanctioned IT.

With Skyhigh, organizations leverage a single cross-cloud platform to gain visibility into cloud usage and risks, meet compliance requirements, enforce security policies, and detect and respond to potential threats.

McAfee MVISION Cloud is also known as Skyhigh, MVision, MVISION Cloud, McAfee Skyhigh Security Cloud, Skyhigh Security Cloud.

Buyer's Guide

Download the Cloud Access Security Brokers (CASB) Buyer's Guide including reviews and more. Updated: September 2021

McAfee MVISION Cloud Customers

Western Union.
Aetna.
DirecTV.
Adventist.
Equinix.
Perrigo.
Goodyear.
HP.
Cargill.
Sony.
Bank of the West.
Prudential.

McAfee MVISION Cloud Video

Archived McAfee MVISION Cloud Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
DS
Director, GRC Applications and Systems Delivery at a tech company with 501-1,000 employees
Vendor
A SaaS-friendly tool that integrates well with DLP but better integration with on-premise tools is needed

Pros and Cons

  • "It gives us visibility into how the data is being used within our cloud environment."
  • "The biggest challenge we have with McAfee is their cross-cloud support."

What is our primary use case?

We use this solution as a CASB, a Cloud Access Security Broker, to gain insight into our cloud environment. We integrate this solution for our clients as a companion service to our main cloud product.

How has it helped my organization?

It gives us visibility into how the data is being used within our cloud environment. It shows the flow of information, and in our case, it has to with documentation that is restricted. For example, if a document contains credit card information or social security numbers then we are able to track it when somebody tries to delete them or do something else that is prohibited. We get flagged, which is the key. It enhances the visibility of what's in our cloud environment.

What is most valuable?

The most valuable feature for us is the integration with DLP. 

What needs improvement?

The biggest challenge we have with McAfee is their cross-cloud support. They tend to lag by a few months, in terms of providing support for new cloud platforms, or new cloud features. We're primarily focused on SaaS, so the other opportunities for them to improve their integration is with AWS and PaaS.

I would like to see better integration with on-premise tools.

For how long have I used the solution?

Two years.

What do I think about the stability of the solution?

That stability is good. It's a very good tool.

What do I think about the scalability of the solution?

We have had no problems in terms of scalability.

We have a team of about forty people who use it. There is the DLP team, the various tenant cloud security administration team, and we also have our staff that uses it.

How are customer service and technical support?

We found that the documentation is meager, but the response time from technical support is very good.

Which solution did I use previously and why did I switch?

We did not use another solution prior to this one.

How was the initial setup?

This solution is very easy to set up.

It took us about a month to get it up and running, but it took us four months to figure out how to use it amongst the different teams.

What's my experience with pricing, setup cost, and licensing?

The licensing fees are based on what environments you are monitoring.

Which other solutions did I evaluate?

We did evaluate a couple of other options, and we have other solutions as well. We have Evident.io, one from Cisco, and one from Palo Alto. None of them are good in every environment, so we use a combination of these solutions.

I have found, based on implementations for multiple clients, that Evident.io doesn't meet the needs of all of the people. Evident.io is not a security protocol. It gives you visibility into your cloud, but it's not a broker. It's just an analysis tool. It is very PaaS-friendly, but not a SaaS-friendly tool. This is opposed to Skyhigh, which is SaaS-friendly but not PaaS-friendly.

What other advice do I have?

My advice for anyone who is implementing this solution is to know what roles you will need to grant access to and have your roles predefined.

This solution has good coverage and good integration with other McAfee products. I am not giving it a perfect score because of the uneven coverage for other platforms. They tend to lag in terms of support for new platforms and new tools that come out on the cloud. 

I would rate this product a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ankush-Jain
Deputy Specialist/Assistant Manager at a tech services company with 10,001+ employees
Real User
Prevents you from moving your data outside of the corporate system

Pros and Cons

  • "It also prevents you from writing data to your Gmail and does not allow you to move your data outside of the corporate system. That is the most important feature for me."
  • "I would like to see more power being given to the admin. In the sense that in case an employee is facing an issue and they want to configure a service, like attaching an email in Gmail, for example, they should be given the option to make the service request and get that configured on the go."

What is our primary use case?

The primary use case is to prevent employees from extracting the data out of their corporate system and getting them outside through Gmail and things like that.

What is most valuable?

Predominantly, there are two valuable features: One is the data loss and the other one is network loss. 

It also prevents you from writing data to your Gmail and does not allow you to move your data outside of the corporate system. That is the most important feature for me.

What needs improvement?

I would like to see more power being given to the admin. In the sense that in case an employee is facing an issue and they want to configure a service, like attaching an email in Gmail, for example, they should be given the option to make the service request and get that configured on the go.

What do I think about the stability of the solution?

Stability has been good so far. 

What do I think about the scalability of the solution?

We have 14,000 users using this solution, all of the employees in the company. Everybody has it installed on their laptops or their desktops.

What other advice do I have?

I would advise someone considering this solution to configure it the way the OEM advises you. You should have a list of customization.

I would rate it a seven and a half out of ten. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about McAfee, Netskope, Microsoft and others in Cloud Access Security Brokers (CASB). Updated: September 2021.
540,984 professionals have used our research since 2012.
NK
Sr. Analyst Governance and Compliance at a aerospace/defense firm with 10,001+ employees
Vendor
Cloud registry provides cloud services risk assessments, but at times the portal is slow

Pros and Cons

  • "There is [a feature] called cloud registry where we can see a risk assessment for the cloud services being used. If we want to add a new cloud service or a new cloud application, we can check into it and do an assessment through the cloud registry."
  • "The only thing we have faced is that sometimes, randomly, the portal becomes too slow."

What is our primary use case?

We use it for cloud risk services.

How has it helped my organization?

It monitors the cloud usage of our company and shows the status on the main dashboard. There, we can see what kind of cloud applications are being used and see a risk assessment for each one, indicating low, medium, or high. For each cloud application, we can see how many users are using it. It's like auditing for each cloud application. In that way, it gives in-depth visibility and a granular monitoring facility for the company: What is happening inside the company, what people are using, what kind of data is going through the company. It really helps in understanding cloud traffic.

What is most valuable?

There is one feature called data governance that shows all the cloud services which are used.

There is another one called cloud registry where we can see a risk assessment for the cloud services being used. If we want to add a new cloud service or a new cloud application, we can check into it and do an assessment through the cloud registry. That is the feature that I like most.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Generally, it is available.

What do I think about the scalability of the solution?

The scalability is pretty good. The only thing we have faced is that sometimes, randomly, the portal becomes too slow. We only have between 100 and 150 users of the portal, which is a fairly small number, but scalability is not really an issue.

In terms of extent of use, it will monitor all the cloud usage in the company, whether there are 100k or 200k users. It will monitor everything, whatever comes from the logs, and present the data in an understandable format.

How are customer service and technical support?

Technical support is pretty good.

Which solution did I use previously and why did I switch?

This is our first solution of its kind.

What was our ROI?

We have definitely seen an ROI over the years we have been using it; not from a dollars perspective but in different ways.

What's my experience with pricing, setup cost, and licensing?

They definitely charge a huge amount. All the security service providers charge a huge amount.

Which other solutions did I evaluate?

At the time we chose this product, we did not evaluate others, but recently we have a looked at a couple of other products. The others are pretty good. They have come up with a lot of innovation, improved security, and developed a lot of enhancements. In different ways, everybody is good.

What other advice do I have?

Do a PoC for a week or ten days. If you don't like it, go with another vendor. But I believe you will like it.

It's not necessary to give access to everyone in the company to monitor their cloud usage. There are specific teams that use the platform for a specific purpose.

They have improved a lot. Every month or every three months they are coming out with a new update. Whatever we have asked for recently, they have added it to their roadmap. Since McAfee acquired the SkyHigh applications, there will be a lot more features to come. We are expecting a lot of features to be onboarded to the platform.

For our use case, what we currently have is good enough.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user775083
Information Assurance Manager at a transportation company with 10,001+ employees
Real User
An innovative, dynamic tool which helps block high risk services

What is our primary use case?

We use it to discover, protect, and permit. Skyhigh for Shadow IT provides us visibility into the Shadow IT. It helps us in blocking high risk services and also in containing the data exfiltration to these high risk services.

How has it helped my organization?

It help us monitor high risk services, blocking them, and also feeding them to our egress points.

What is most valuable?

The risk management feature.

What needs improvement?

Integration with other technology ecosystems.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Initially, there were stability issues, but now it is perfect.

What do I think about the scalability of the solution?

No scalability issues.

How

What is our primary use case?

We use it to discover, protect, and permit.

Skyhigh for Shadow IT provides us visibility into the Shadow IT. It helps us in blocking high risk services and also in containing the data exfiltration to these high risk services.

How has it helped my organization?

It help us monitor high risk services, blocking them, and also feeding them to our egress points.

What is most valuable?

The risk management feature.

What needs improvement?

Integration with other technology ecosystems.

For how long have I used the solution?

Three to five years.

What do I think about the stability of the solution?

Initially, there were stability issues, but now it is perfect.

What do I think about the scalability of the solution?

No scalability issues.

How are customer service and technical support?

The support team is very good.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

The initial setup was okay.

What about the implementation team?

The implementation team was proficient.

What's my experience with pricing, setup cost, and licensing?

Have a risk-based approach towards pricing.

Which other solutions did I evaluate?

There were none to evaluate at that time.

What other advice do I have?

It is an innovative, dynamic tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer826926
Information Security Analyst at Kronos at a tech company with 5,001-10,000 employees
Real User
We have gained a deep insight into our Shadow IT usage

Pros and Cons

  • "The risk rating of each cloud application has been very useful. Whenever we discover a new application is use, we are able to quickly determine if this application is safe to use and whether or not we should allow our end users to be able to access it."
  • "We have gained a deep insight into our Shadow IT usage as well as the different activities involved in Office 365."
  • "Without Skyhigh, we had zero visibility, but now we are aware of so much more."
  • "Though the Skyhigh Dashboard is processing large amounts of data, the speed of the Dashboard could be improved."
  • "It would be nice to be able to get more advanced search functions to filter out data and quickly obtain the data that we need."

What is our primary use case?

We implemented Skyhigh for Shadow IT monitoring as well as Microsoft Office 365 real-time auditing. We monitor these on a daily basis and are currently in the process of implementing policies if certain activities are done by our end users.

How has it helped my organization?

We have gained a deep insight into our Shadow IT usage as well as the different activities involved in Office 365. Without Skyhigh, we had zero visibility, but now we are aware of so much more.

What is most valuable?

The risk rating of each cloud application has been very useful. Whenever we discover a new application is use, we are able to quickly determine if this application is safe to use and whether or not we should allow our end users to be able to access it.

What needs improvement?

Though the Skyhigh Dashboard is processing large amounts of data, the speed of the Dashboard could be improved. Also, it would be nice to be able to get more advanced search functions to filter out data and quickly obtain the data that we need.

For how long have I used the solution?

Less than one year.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
IT Security at a financial services firm with 5,001-10,000 employees
Real User
Provides categorization and rating of websites separate from what the web proxy places on the logs

What is our primary use case?

Insight into services being accessed and/or used in corporate environment. Additionally, Shadow IT as a whole and provides another set of eyes on web proxy logs.

How has it helped my organization?

It has allowed insight into gaps that may exist in current web proxy tool policies. Improves creation of security alerts on web proxy logs by having a separate system interpret said logs.

What is most valuable?

Skyhigh has given us categorization and rating of websites separate from what the web proxy places on the logs.

What needs improvement?

The tool could improve flexibility with the creation of reports/querying data. A better search capability, similar to a SIEM, would also allow deeper log analysis.

For how long have I used the solution?

One…

What is our primary use case?

Insight into services being accessed and/or used in corporate environment. Additionally, Shadow IT as a whole and provides another set of eyes on web proxy logs.

How has it helped my organization?

It has allowed insight into gaps that may exist in current web proxy tool policies. Improves creation of security alerts on web proxy logs by having a separate system interpret said logs.

What is most valuable?

Skyhigh has given us categorization and rating of websites separate from what the web proxy places on the logs.

What needs improvement?

The tool could improve flexibility with the creation of reports/querying data. A better search capability, similar to a SIEM, would also allow deeper log analysis.

For how long have I used the solution?

One to three years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
IT Security Analyst at a tech services company
Real User
The user activity identification in my organization improved

What is most valuable?

User analytics.

How has it helped my organization?

The user activity identification improved.

What needs improvement?

The services take some time to load. It would be helpful if the loading time was reduced.

For how long have I used the solution?

I have been using it for the past few months.

What was my experience with deployment of the solution?

No issues.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

I have not used the support as of now.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

I was not a part of the initial setup.

What is most valuable?

User analytics.

How has it helped my organization?

The user activity identification improved.

What needs improvement?

The services take some time to load. It would be helpful if the loading time was reduced.

For how long have I used the solution?

I have been using it for the past few months.

What was my experience with deployment of the solution?

No issues.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

I have not used the support as of now.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

I was not a part of the initial setup.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user774840
User at a healthcare company with 1,001-5,000 employees
Vendor
Provides full control of the infrastructure process, but needs to improve its support

What is our primary use case?

The user analytics Having a full idea about infrastructure

What is most valuable?

DLP rules.

How has it helped my organization?

Having full control of infrastructure.

What needs improvement?

Iteration process.

For how long have I used the solution?

Two years.

What was my experience with deployment of the solution?

Yes.

What do I think about the stability of the solution?

Yes.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Five out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The support team implemented the solution.

What was our ROI?

Not applicable.

What's my experience with pricing, setup cost, and

What is our primary use case?

  • The user analytics
  • Having a full idea about infrastructure

What is most valuable?

DLP rules.

How has it helped my organization?

Having full control of infrastructure.

What needs improvement?

Iteration process.

For how long have I used the solution?

Two years.

What was my experience with deployment of the solution?

Yes.

What do I think about the stability of the solution?

Yes.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Five out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The support team implemented the solution.

What was our ROI?

Not applicable.

What's my experience with pricing, setup cost, and licensing?

It is good.

Which other solutions did I evaluate?

Yes.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Supervisor, IT Security at a healthcare company with 10,001+ employees
Real User
It gives us visibility into our employees activities and access to cloud apps

Pros and Cons

  • "Shadow IT reporting capabilities."
  • "Support for securing more cloud apps."

What is our primary use case?

  • Shadow IT monitoring 
  • Sanctioned Cloud App Security

What is most valuable?

  • Shadow IT reporting capabilities
  • DLP integration
  • Encryption

How has it helped my organization?

It has given us visibility into our employees activities and access to cloud apps.

What needs improvement?

Support for securing more cloud apps.

For how long have I used the solution?

Two and a half years.

What was my experience with deployment of the solution?

Some issues, but many had to do with the complexity of our deployment and they all have been worked through. 

What do I think about the stability of the solution?

The Shadow IT portion would sometimes stop processing our proxy logs, but these issues seem to have been fixed.  

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

It is excellent and top-notch.

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

For Shadow IT, it was straightforward. 

For Sanctioned App Security deployment, it was a bit more complex. This was primarily due to the amount of integrations we decided to do with the existing technologies we owned, like DLP, SSO, etc., and because of the size of our cloud application.

What about the implementation team?

An in-house team.

What was our ROI?

Very good.

What's my experience with pricing, setup cost, and licensing?

I don't deal with pricing. Thus, I cannot answer this.

Which other solutions did I evaluate?

Yes. Netskope, Bitglass, Adallom, and Skyfence.

What other advice do I have?

Make sure you plan your deployment carefully. Break the project into phases. This makes for more wins sooner, which you can report to your upper management. Develop a good rapport with the team who owns the cloud application, so you can get full cooperation from them.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
INNOVATOR,ENGINEER,DREAMER! at a transportation company
Vendor
For a reasonable price, it enforces data loss prevention

What is most valuable?

Prevents unauthorized data being shared from external sources. Enforces data loss prevention. DLP reporting and deep integration.

How has it helped my organization?

Malware and spam mails Attacks from hackers Data privacy

What needs improvement?

Detecting threats.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service: A 10 out of 10. Technical Support: A 10 out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The initial setup was straightforward. …

What is most valuable?

  • Prevents unauthorized data being shared from external sources.
  • Enforces data loss prevention.
  • DLP reporting and deep integration.

How has it helped my organization?

  • Malware and spam mails
  • Attacks from hackers
  • Data privacy

What needs improvement?

Detecting threats.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

A 10 out of 10.

Technical Support:

A 10 out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

We implemented in-house.

What was our ROI?

Our ROI is 150%.

What's my experience with pricing, setup cost, and licensing?

The pricing is reasonable.

Which other solutions did I evaluate?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Student at Marri Educational Society's Marri Laxman Reddy Institute of Technology and Management
Vendor
Provides a perfect level of customer service

What is most valuable?

Tokenization.

How has it helped my organization?

High-risk services.

What needs improvement?

De-tokenization.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service: A 10 out of 10. Technical Support: An eight out of 10.

Which solution did I use previously and why did I switch?

No.

What about the implementation team?

We implemented in-house.

What is most valuable?

Tokenization.

How has it helped my organization?

High-risk services.

What needs improvement?

De-tokenization.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

A 10 out of 10.

Technical Support:

An eight out of 10.

Which solution did I use previously and why did I switch?

No.

What about the implementation team?

We implemented in-house.

Disclosure: My company has a business relationship with this vendor other than being a customer:
ITCS user
Information Security Lead Analyst at a healthcare company with 1,001-5,000 employees
Vendor
We have been able to analyse our user activity, which has helped us to identify the associated risks

What is most valuable?

The user analytics.

How has it helped my organization?

We were able to analyse our user activity, which helped us to identify the associated risks.

What needs improvement?

Improve the user interface (UI) of the tool and make it user-friendly.

For how long have I used the solution?

Three years.

What was my experience with deployment of the solution?

Yes.

What do I think about the stability of the solution?

Yes.

What do I think about the scalability of the solution?

Yes.

How are customer service and technical support?

Customer Service: A six out of 10. Technical Support: A seven out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

I was not part of the setup.

What about the

What is most valuable?

The user analytics.

How has it helped my organization?

We were able to analyse our user activity, which helped us to identify the associated risks.

What needs improvement?

Improve the user interface (UI) of the tool and make it user-friendly.

For how long have I used the solution?

Three years.

What was my experience with deployment of the solution?

Yes.

What do I think about the stability of the solution?

Yes.

What do I think about the scalability of the solution?

Yes.

How are customer service and technical support?

Customer Service:

A six out of 10.

Technical Support:

A seven out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

I was not part of the setup.

What about the implementation team?

A vendor team did the implementation. I would give them a seven out of 10 on their expertise.

What was our ROI?

I have no idea of what it is.

Which other solutions did I evaluate?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Attended JNTUH College of Engineering Hyderabad
Vendor
It makes our organization's work easier

What is most valuable?

Skyhigh Box

How has it helped my organization?

It makes our work easier.

What needs improvement?

Cloud computing.

For how long have I used the solution?

Almost a year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service: It is a nine out of 10. Technical Support: It is a nine out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

Implemented in-house.

What was our ROI?

It is confidential.

What's my experience with

What is most valuable?

Skyhigh Box

How has it helped my organization?

It makes our work easier.

What needs improvement?

Cloud computing.

For how long have I used the solution?

Almost a year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

It is a nine out of 10.

Technical Support:

It is a nine out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

The initial setup was straightforward.

What about the implementation team?

Implemented in-house.

What was our ROI?

It is confidential.

What's my experience with pricing, setup cost, and licensing?

It is very easy.

Which other solutions did I evaluate?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
--
Vendor
We utilize it to analyse our cloud traffic

What is most valuable?

Sanctioned IT.

How has it helped my organization?

To analyse cloud traffic.

What needs improvement?

Reports.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service: An eight out of 10. Technical Support: A seven out of 10.

Which solution did I use previously and why did I switch?

No.

What about the implementation team?

Implemented through a vendor team. Their expertise was advanced.

What was our ROI?

Positive.

What's my experience with pricing, setup cost, and licensing?

Go with the…

What is most valuable?

Sanctioned IT.

How has it helped my organization?

To analyse cloud traffic.

What needs improvement?

Reports.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

An eight out of 10.

Technical Support:

A seven out of 10.

Which solution did I use previously and why did I switch?

No.

What about the implementation team?

Implemented through a vendor team. Their expertise was advanced.

What was our ROI?

Positive.

What's my experience with pricing, setup cost, and licensing?

Go with the licensing.

Which other solutions did I evaluate?

Nope.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Information Security Analyst at a security firm with 1,001-5,000 employees
Vendor
It has improve my organization through identification of user activity and login activity

What is most valuable?

Tokenization User analytics

How has it helped my organization?

Identification of user activity Login information

What needs improvement?

De-tokenization.

For how long have I used the solution?

More than one year.

What was my experience with deployment of the solution?

Not for now.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service: Good. Technical Support: Good.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Straightforward.

What about the implementation team?

We used a vendor team.

What was our ROI?

I do not know.

What's my experience with

What is most valuable?

  • Tokenization
  • User analytics

How has it helped my organization?

  • Identification of user activity
  • Login information

What needs improvement?

De-tokenization.

For how long have I used the solution?

More than one year.

What was my experience with deployment of the solution?

Not for now.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Good.

Technical Support:

Good.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Straightforward.

What about the implementation team?

We used a vendor team.

What was our ROI?

I do not know.

What's my experience with pricing, setup cost, and licensing?

It is affordable. Skyhigh has some good features.

Which other solutions did I evaluate?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
INNOVATOR,ENGINEER,DREAMER! at a transportation company
Vendor
Initial setup is straightforward as their guidelines and instructions are very easy to follow

Pros and Cons

  • "Box API features with DLP capabilities."
  • "SkyHigh has the ability to place users or groups on a ‘Watchlist’; which allows you to see certain views with these Watchlists users/groups in them. This is great when you are looking at live data but if I wanted to generate a report on "only" the watchlists."

What is most valuable?

  • Box API features with DLP capabilities
  • Shadow IT

How has it helped my organization?

Our organization is moving much of its non-sensitive data to Box. We needed the ability to have full visibility into what was occurring within the Box infrastructure, from Skyhigh to Box API integration.

What needs improvement?

SkyHigh has the ability to place users or groups on a ‘Watchlist’; which allows you to see certain views with these Watchlists users/groups in them. This is great when you are looking at live data but if I wanted to generate a report on "only" the watchlists.

For how long have I used the solution?

Two and a half years.

What was my experience with deployment of the solution?

No.

What do I think about the stability of the solution?

Skyhigh has been improving their product and releasing upgrades on a consistent basis. Now, the stability and speed are greatly improved. Looking forward to their next major release.

What do I think about the scalability of the solution?

No, since I am able to use my blue coat logs.

How are customer service and technical support?

Customer Service:

A 10 out of 10

Technical Support:

A nine out of 10.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Straightforward. Guidelines and instructions are very easy to follow.

What about the implementation team?

Our implementation was in-house. Since the deployment of this cloud access security broker (CASB) was rather simple, there was no need to bring in a third-party vendor.

What's my experience with pricing, setup cost, and licensing?

The biggest thing to watch for is the difference in price per monitored user for the different API integrations. We currently only use the Box API, but we thought about using the Salesforce one. However, it was drastically more expensive per user. We are starting to look at the 365 monitoring since we may migrate there soon, but I have not looked at the pricing for it yet.

Which other solutions did I evaluate?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Student at a security firm
Vendor
The Shadow IT and Sanctioned IT are the most valuable features

What is most valuable?

Shadow IT Sanctioned IT

How has it helped my organization?

High-risk services

What needs improvement?

De-tokenization.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

Yes.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

Yes.

How are customer service and technical support?

Customer Service: A six out of 10. Technical Support: A six out of 10.

Which solution did I use previously and why did I switch?

No.

What is most valuable?

  • Shadow IT
  • Sanctioned IT

How has it helped my organization?

High-risk services

What needs improvement?

De-tokenization.

For how long have I used the solution?

One year.

What was my experience with deployment of the solution?

Yes.

What do I think about the stability of the solution?

No.

What do I think about the scalability of the solution?

Yes.

How are customer service and technical support?

Customer Service:

A six out of 10.

Technical Support:

A six out of 10.

Which solution did I use previously and why did I switch?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Information Security Analyst at a tech services company
Real User
The anomalies are key players to identify the intruders in an organization

Pros and Cons

  • "DLP policies and anomalies."
  • "The Skyhigh for Google Drive interface and policy engine is a bit confusing and limited when compared against other Google Drive CASB capabilities."

What is most valuable?

  • Skyhigh's Shadow IT capability
  • Cloud Risk Registry
  • DLP policies and anomalies

How has it helped my organization?

We are able to see what cloud services are being used with more clarity than with our proxies. More importantly, we can identify that we are using many cloud services in which we were not aware that they were even cloud services, especially collaboration services. The cloud risk registry has been great for getting a quicker and clearer understanding of the risk of proposed services that we are looking at allowing. Previously, we were paying for expensive industry reports.

Finally, anomalies are key players to identify the intruders in an organization.

What needs improvement?

  1. The Skyhigh for Google Drive interface and policy engine is a bit confusing and limited when compared against other Google Drive CASB capabilities.
  2. The de-tokenization process
  3. Data anomalies

For how long have I used the solution?

More than two years.

What was my experience with deployment of the solution?

Yeah, a little bit.

What do I think about the stability of the solution?

Sometimes.

What do I think about the scalability of the solution?

No.

How are customer service and technical support?

Customer Service:

Excellent.

Technical Support:

Excellent.

Which solution did I use previously and why did I switch?

No, we haven't

How was the initial setup?

The vendor team was excellent.

What about the implementation team?

Good.

What was our ROI?

Not applicable.

What's my experience with pricing, setup cost, and licensing?

Skyhigh provided a FedRAMP solution, tokenization, a better shadow IT capability, and lower cost.

Which other solutions did I evaluate?

Netskope.

What other advice do I have?

Needs stability and additional new features.

Disclosure: My company has a business relationship with this vendor other than being a customer:
it_user732489
IT Security Support Analyst with 5,001-10,000 employees
Vendor
Provides quite a bit of visibility into cloud services being utilized in our environment

Pros and Cons

  • "All the information available on each service, including its risk assessment."
  • "Iron out the few bugs that I've seen."

What is most valuable?

All the information available on each service, including its risk assessment. Service groups, automatic assignment of services based on designated conditions, and the ability to utilize multiple log sources for the data.

How has it helped my organization?

Provides quite a bit of visibility into cloud services being utilized in our environment. I've been able to take the data available in Skyhigh and create discussions about whether we should be allowing or blocking certain services. This has also allowed us to start developing policies/procedures around new services which get introduced into our environment.

What needs improvement?

Iron out the few bugs that I've seen.

For how long have I used the solution?

Less than one year.

What was my experience with deployment of the solution?

None that I'm aware of.

What do I think about the stability of the solution?

No issues with stability.

What do I think about the scalability of the solution?

No issues with scalability.

How are customer service and technical support?

Customer Service:

A 10 out of 10.

Technical Support:

A 10 out of 10.

Which solution did I use previously and why did I switch?

We did not previously use a different solution.

How was the initial setup?

Unknown, as I was not involved in the setup process.

What about the implementation team?

Unknown, as I was not involved in the procurement process.

What was our ROI?

Unfortunately, I don't have this information.

Which other solutions did I evaluate?

Not applicable, as I was not involved in the decision to go with this product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user535407
Security Analyst IV - Risk Management at a energy/utilities company with 1,001-5,000 employees
Vendor
We are able to identify the high-risk websites and block them. I have encountered some stability issues.

What is most valuable?

Currently, we are using cloud discovery and analytics. This has given us an insight to which services our end users are subscribing to and where our business data may be held.

How has it helped my organization?

We are able to identify the high-risk websites and block them before the end users start using them to ensure that a business case is made for unblocking a high-risk site (rather than having to run interference after the fact). It also allows us to suggest other alternatives and safer services to the end user.

What needs improvement?

One feature offered is a 48-hour turnaround to add a service to the global registry upon request. While they do turn around risk assessments very quickly, often many of the answers are unknown which drives the risk scores of the services up. When provided with contact information, they will reach out to the service provider and get answers to those questions, but it doesn’t provide a lot of value to show a service as high risk just because they haven’t had the opportunity to ask yet.

I have experienced a few cases where I provided a direct contact name (who was expecting a call from someone at Skyhigh) for the cloud service provider being evaluated, and have received feedback from the contact that no one reached out to them after several days or, in some cases, weeks.

For how long have I used the solution?

I have used this product for about 16 months.

What do I think about the stability of the solution?

I have encountered some stability issues. However, these seem to have improved over the last couple of releases.

What do I think about the scalability of the solution?

I have also encountered scalability issues.

Some logging was turned on that filled up the log file shares very quickly; it took some time to determine the cause of the issue and remediate it.

How are customer service and technical support?

The technical support level is good. They are responsive and truly desire to solve problems. The support staff can update versions of the software on our on-premises log processors in less than an hour via a WebEx session.

Which solution did I use previously and why did I switch?

I have not used any other solution.

How was the initial setup?

The setup was straightforward. We set up some on-site log processor devices to gather the firewall logs and send them encrypted to the server for analysis. The results were processed and then appeared on our dashboard.

What's my experience with pricing, setup cost, and licensing?

The pricing policy is based on the employee/contractor count (people with a user ID in your active directory domain). The pricing policy is best if you enter a multi-year agreement.

Which other solutions did I evaluate?

I have evaluated other solutions such as Imperva Skyfence, Netskope, and Elastica.

What other advice do I have?

If possible, have them run a simulation in your live environment for 30 days and you will be impressed with the kind of data that is collected. I, personally, highly recommend this product.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Cyber Security Engineer at a recruiting/HR firm with 51-200 employees
Real User
We use the Box API access with DLP capabilities to see everything that occurs in Box.

What is most valuable?

Box API access with DLP capabilities

Shadow IT

How has it helped my organization?

Our organization is moving much of its non-sensitive data to Box and we needed the ability to have full visibility into what was occurring within the Box infrastructure. With the Skyhigh to Box API integration, we can not only see everything that occurs but we can setup many DLP policies to block or monitor what is occurring in Box. You can also run a custom DLP query against your Box infrastructure to look for specific DLP issues that may have been created since the older data was loaded.

What needs improvement?

Reports. The reports are useful but they do not always give the information in the format that I'm looking for and can take a while to run.

Probably my two biggest issues are as follows:

  1. Even if you narrow down the scope of the report so that there is not too much data, when a report is generating, sometimes it will get hung; thus you have to delete it and run it again. This does not happen too often but when it does, it can be rather inconvenient. Especially since when I need to manually run a report, there is often a time sensitive reason that cannot wait for a report to generate twice.
  2. SkyHigh has the ability to place users or groups on a ‘Watchlist’; which allows you to see certain views with these Watchlists users/groups in them. This is great when you are looking at live data but if I wanted to generate a report on ONLY the watchlists (or specific sub-watchlists), it is not possible. One of our main Watchlists is everyone on the IT Team. Since IT users tend to have more access and control over the environment (myself included) we like being able to single out these users when looking at data. My CIO especially, would love to have a report over specific services, bandwidth, etc… that the IT team is doing every week or month; so that he knows that we are not doing anything malicious. This feature should be provided soon but it is still not in Production.

For how long have I used the solution?

2.5 years

What was my experience with deployment of the solution?

No. We currently use Blue Coat Cloud Proxy and are able to download the Blue Coat logs to the Skyhigh Log Aggregator, and they are immediately sent to Skyhigh. Even if there is an issue where Skyhigh is not receiving the logs, you will receive an email or phone call from their support letting you know they have not received any logs in X amount of time.

What do I think about the stability of the solution?

Originally, the interface would take longer than expected to load some of the more graphically intense metrics. However, Skyhigh has been improving their product and releasing upgrades on a consistent basis. Now the stability and speed are greatly improved. Looking forward to their next major release.

What do I think about the scalability of the solution?

No. Since I am able to use my Blue Coat Logs (which encompasses every system on and off my network) I just have one location that I download my Blue Coat logs and then upload them to Skyhigh.

How are customer service and technical support?

Customer Service:

On a scale of 1-10, I would give them a 9. I have not had any issues and their support has been extremely helpful. There was one time where there seemed to be a decent amount of time between correspondences but it may have been the complexity of the issue. Otherwise, there have been no issues.

Technical Support:

On a scale of 1-10, I would give them a 9. They have been able to fix just about any of my issues but there have been times where they would need to bring in higher level support or other support to assist.

Which solution did I use previously and why did I switch?

No.

How was the initial setup?

Straightforward. During the Proof of Concept, their guides and directions were very easy to follow and I was able to setup everything without much assistance.

What about the implementation team?

Our implementation was in-house. Since the deployment of this CASB was rather simple, there was no need to bring in a third-party vendor. If you are trying to have a 'real-time' blocking scheme where SkyHigh pushes blocking scripts to Bluecoat Proxy SG or Palo Alto, then a third-party implementation team may be necessary. However, even setting up these integrations are not too difficult and a third-party integrations team may not be necessary.

What's my experience with pricing, setup cost, and licensing?

With Pricing, the biggest thing to watch for is the difference in price per monitored user for the different API integrations. We currently only use the Box API but we thought about using the Salesforce one but it was drastically more expensive per user. We are starting to look at the 365 monitoring since we may migrate their soon but I have not looked at the pricing for it yet.

Which other solutions did I evaluate?

Yes, Netskope.

What other advice do I have?

No.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user540324
System Developer Analyst at a tech services company with 10,001+ employees
Real User
The UI is user-friendly. Some of the explanations it gave for risks were too vague to address.

What is most valuable?

It has a very user-friendly UI and is easier to pick up for people with less technical experience.

How has it helped my organization?

It’s a small improvement; however, it has augmented the pre-existing network monitoring services already in place to something more meaningful for higher levels of management.

What needs improvement?

Its capabilities are still rather limited compared to other solutions. It’s a reasonable monitoring service, but it would still need to be coupled with other solutions to be practical.

I found that when it comes to monitoring services on the network, Skyhigh gives a more comprehensive and practical break down of what risks the user is looking at. This is very useful when reporting metrics to upper management. However, it felt slightly lacking in the technical breakdown area as compared to other services we used at the time. Some of the explanations it gave for risks were too vague to address, so we would revert to another product we use regularly to get a more specific picture of a threat.

For how long have I used the solution?

I have used Skyhigh for three months.

What do I think about the stability of the solution?

I can’t recall any stability issues.

What do I think about the scalability of the solution?

We used this as an internal solution, so I can’t reasonably address scalability.

How are customer service and technical support?

I rate technical support 7/10. I felt they were very accommodating when we worked with them, but as we were ramping up the product, we needed a lot of support to understand Skyhigh functionality. We had a dedicated resource communicating with us for some time, but there was a sudden switch and the knowledge transfer between them wasn’t comprehensive, leading to some lag in support.

Which solution did I use previously and why did I switch?

We previously used a different solution but we did not drop it. We attempted to use the two solutions together.

How was the initial setup?

I was not a part of initial setup, so I can’t speak to this point.

What's my experience with pricing, setup cost, and licensing?

I was not part of pricing, so I can’t speak to this point

Which other solutions did I evaluate?

To my knowledge, Skyhigh was meant to help fill some of the performance gap shown by our other solutions, so we weren’t actively looking for products to do this so much as experimenting with a single new product we’d heard about.

What other advice do I have?

Use this product in conjunction with others. It has good coverage in terms of monitoring, but other commercial products were used to mitigate threats to the network.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Cyber Security Analyst at a tech services company
Consultant
Skyhigh's shadow IT capability and cloud risk registry are the two most helpful tools for our organization.

What is most valuable?

Skyhigh's shadow IT capability and cloud risk registry are the two most helpful tools for our organization.

How has it helped my organization?

We are able to see what cloud services are being used with much more clarity than with our proxies and more importantly identify that we are using many cloud services we were not aware were even cloud services. Especially collaboration services. The cloud risk registry has been great for getting a quick and clearer understanding of the risk of proposed services that we are looking at allowing. Previously we were paying for expensive industry reports.

What needs improvement?

The Skyhigh for Google Drive interface and policy engine is a bit confusing and limited when compared against other Google Drive CASB capabilities.

What was my experience with deployment of the solution?

We deployed the FedRAMP GovCloud version, which was not quite up to date with the mainstream version and still had some bugs to work out. Some other features are still in the works. We also found that it is important to ensure your inputs to the system are all uniform as it would have made for a more rapid deployment.

How are customer service and technical support?

Customer Service:

Excellent.

Technical Support:

Excellent.

Which solution did I use previously and why did I switch?

Skyhigh provided a FedRAMP solution, tokenization, a better shadow IT capability, and lower cost.

What about the implementation team?

The vendor team was excellent.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Solutions Architect at Credocom A/S
Consultant
Reports show cloud service usage on our network and give a risk assessment for each cloud service.

What is most valuable?

The most valuable feature of Skyhigh networks is the capability of giving an overview of all active cloud services on our network. Skyhigh analyzes syslog data from our firewall, and returns a report of the cloud service usage on our network. In other words, this takes the 'shadow' out of Shadow IT. It sheds some light on the current situation.

The report returned by Skyhigh not only shows which cloud services are in use, but also gives each individual cloud service a risk assessment in terms of risks associated with the service. The categories are Data Risk, User Risk, Legal Risk and Business Risk. With this overview of the associated risk for cloud services on our network, we can make some very conscious decisions about how we want to shape which services are used on the network. We can make sure that we offer safe alternatives to the services already in use. We want all our users to use cloud services, so that we can stay agile and flexible, but we also want to make sure we don't take any unnecessary risk.

Skyhigh furthers the protection of our sanctioned cloud services. Once we make a decision on which services we feel are a good match for our company, we can add extra protection to those services in the form of monitoring and threat prevention. Skyhigh can make sure that all data we put in our sanctioned cloud service is compliant with our company policy as well, as industry regulations. In other words, if one of our users accidentally puts data in the cloud that isn't compliant, we can remove this data before it causes problems. This is a win for our users and the company as a whole.

Skyhigh also monitors the usage of our sanctioned cloud services. They can spot any abnormal activity, such as users logging in from several different countries in a short period of time, or other suspicious activity.

How has it helped my organization?

We now have a good conscious about using Cloud services. Without an overview, you can only imagine what is going on. With monitoring, analysis and threat prevention, we know exactly what is going on and can prevent activity that we deem unacceptable or creates unnecessary risk. We have a much better overview of where our data is, both in terms of which service, but also in terms of geographical location.

What needs improvement?

The Web UI is still not quite as responsive as we would like. However, in praise of Skyhigh, they have taken this feedback into account. This is their biggest focus area for next major release.

For how long have I used the solution?

I have been using it for one year.

What do I think about the stability of the solution?

In version 2.7, we had a few issues. However, none of these were major, and they were usually fixable within a very short period of time.

What do I think about the scalability of the solution?

We have been able to provide Skyhigh solutions for customers of single office companies, as well as larger global companies, without any issues.

How is customer service and technical support?

Technical support was very good. Our partnership with Skyhigh is extremely close, and their incident response is sublime.

How was the initial setup?

The initial setup is quite easy. You must provide a log sample to Skyhigh, who then make sure their log parser is specifically suited to the customer. Once you have received a tenant, and the parser has been created by Skyhigh, the setup takes approximately one hour.

What's my experience with pricing, setup cost, and licensing?

The Skyhigh licensing model is based on the number of subscriptions of administrative users on the network. There are two separate licenses: Discovery and Secure.

Discovery gives the overview of which Cloud services and on your network. Secure protects your sanctioned Cloud services. We have chosen both, but there is nothing limiting you from running either of the two licenses separately.

If you are currently using a sanctioned Cloud service, then we recommend getting both licenses (Secure and Discover). However, if your company doesn't have an official Cloud service in use, then we recommend only purchasing the Discover license. You can always purchase the Secure license at a later time, if your situation happens to change.

Which other solutions did I evaluate?

We are a consultancy company that wants to get into the CASB area. We did very thorough research on the products that were on the market. We have done this on an ongoing basis to check on the competition. We researched Netskope, Aperture and Elastica thoroughly, before concluding that Skyhigh is the most mature and feature-rich product.

One of the biggest factors in choosing Skyhigh was that Skyhigh integrates with your current infrastructure, rather than adding another agent or needing to send all traffic through a proxy. This simplifies setup, as well as ensuring that the product does not cause bottlenecks. It just adds value to your already existing security infrastructure.

What other advice do I have?

Be prepared to involve management and your HR department. The data presented by Skyhigh, will most likely warrant change, both in terms of company culture, as well as adding restrictions to company policy. Once you have discussed policies and compliance, create some automation flows or workflows to ensure that all unwanted services or risk attributes are added to the block list on a regular basis.

Disclosure: My company has a business relationship with this vendor other than being a customer: We are partners with Skyhigh Networks.
ITCS user
Manager Infrastructure Security Engineering at a pharma/biotech company with 1,001-5,000 employees
Vendor
Once we identified high risk services, we worked with our users to migrate their data to IT sanctioned services, then blocked all high risk services.

Valuable Features:

The ability to identify shadow IT within our environment through proxy log analysis based on risk assessments provided by Skyhigh Registry have been invaluable in helping us reduce our overall data risk

Improvements to My Organization:

Once implemented we were able to identify 100+ high risk cloud services used by our users.  Once identified we worked with our users to migrate their data to IT sanctioned services, then blocked all high risk services.

Room for Improvement:

Sometimes the console performance is slow and updating custom attributes can be cumbersome as you have to do each attribute for a cloud service individually, the click the popup box to continue. 

The console performance is sometime slow, meaning that switch screens or generating reports can sometime feel sluggish.  Data and graphics takes time to load in the browser, and also performance can depend on which browser you are using. 

There is a customizable part of the SkyHigh global registry called custom attributes.  We use these attributes to identity and record details of our own interactions with the cloud service to show which we are reviewed, which services are approved, blocked, sanctioned, etc..  Entering information into these custom fields requires you to confirm changes for each field individually, a UI improvement could be to add a save or update button to the site instead of doing each field individually.

Disclosure: I am a real user, and this review is based on my own experience and opinions.