SAN FRANCISCO -- Cloud access security brokers have traditionally focused on insecure or unauthorized third-party cloud applications, but some CASBs, such as Skyhigh Networks Inc., have shifted their sights to bigger fish in the infosec pond.
Skyhigh Networks recently introduced two new offerings to address growing concerns from customers regarding custom enterprise applications and infrastructure as a service (IaaS). Skyhigh for IaaS platforms provides security controls for Amazon Web Services, Microsoft Azure, Google Cloud Platform and other cloud services, while Skyhigh for Custom Apps brings traditional CASB features to enterprise apps developed in-house and which run in cloud environments.
Kamal Shah, senior vice president of products and marketing at Skyhigh, spoke with SearchSecurity at RSA Conference 2017 about how the new products address growing demand from customers to protect IaaS platforms and the custom apps that live on them.
"What we're doing there is really analyzing the configuration of your IaaS platform itself, and making sure the configurations are in line and compliant with your policies," Shah said. "So, for example, do you have multifactor authentication turned on for all applications running in your IaaS environment, or do you have any storage buckets, like an S3 [Simple Storage Service] bucket in Amazon, that's publicly accessible when a policy states it should not be?"
Shah also talked about how the CASB market and Skyhigh's own model have evolved over the years as enterprise cloud adoption has increased and expanded.