This content is part of the Conference Coverage: RSA 2017: Special conference coverage

Conference Coverage

Browse Sections

Skyhigh expands CASB model to IaaS platform protection, custom apps

At RSA Conference 2017, Skyhigh Networks explained how it expanded its cloud access security broker model to include IaaS platforms and custom enterprise applications.

SAN FRANCISCO -- After years of focusing on software-as-a-service security, Skyhigh Networks is moving up the cloud...

security ladder to tackle infrastructure as a service, as well as custom enterprise applications.

Skyhigh Networks recently extended its cloud access security broker model beyond commercial SaaS applications to focus on infrastructure as a service, or IaaS, platform security. At the Cloud Security Summit at RSA Conference 2017, Skyhigh CEO Rajiv Gupta said IaaS security has become a growing concern for both enterprises and cloud access security brokers, or CASBs, like his company. More custom apps are being deployed in the public cloud without the knowledge of IT departments and without the proper security controls.

 "This year -- the next 12 months -- is the tipping point," Gupta said during his keynote, citing new research from the Cloud Security Alliance. "We will end up with more custom applications in the public cloud than in the private data center."

To that end, Skyhigh introduced two new products: Skyhigh for Custom Apps and Skyhigh for IaaS Platforms. The former product leverages artificial intelligence (AI) to discover custom applications that may be hidden from IT departments, and then map specific security controls -- such as data loss prevention or BYOD policies -- to those apps. Gupta explained that the AI model is crucial for Skyhigh's product because of the vast amount of custom applications within enterprises.

"There are more than 8 million custom applications -- and that's just for the top 20,000 companies -- that are running out there that need those type of security controls," Gupta said. "We can't take the time to understand all those applications. It's impossible."

The AI-powered mapping, however, allows customers to quickly onboard their custom applications without having to individually review them and apply security controls. "This doesn't require any additional custom application development work," Kamal Shah, senior vice president of products and marketing at Skyhigh, based in Campbell, Calif., told SearchSecurity.  "We're not touching the code."

Moving to custom apps to IaaS platforms is going to happen, despite the headaches and security concerns.
Kamal Shahsenior vice president of products and marketing at Skyhigh Networks

The latter product goes beyond securing custom applications in the public cloud and provides additional security controls for the IaaS platform itself, whether it's Amazon Web Services (AWS), Microsoft Azure or Google Cloud Platform. While Skyhigh for Custom Apps guards the front door, Gupta said, "in an IaaS environment, you also need to guard the back door."

Skyhigh for IaaS Platforms provides enterprises with activity monitoring, auditing and additional threat detection features for their IaaS environments. For example, the product can identify inactive accounts that need to be deleted and audit the IaaS platform's security settings to find misconfigurations or other potential vulnerabilities.

Shah said while some IaaS providers already offer similar features for their specific cloud services, Skyhigh for IaaS Platforms gives customers a broad view their all their public cloud resources in one management console.

"We hear a lot about console fatigue from our customers," Shah said. "There are customers that say they don't want to use, for example, an AWS management console because they also use Azure and Google. So, this helps reduce the security consoles you have to deal with."

Shah said Skyhigh expects enterprises to develop more custom applications and migrate them to the cloud.

"Moving to custom apps to IaaS platforms is going to happen, despite the headaches and security concerns," he said. "There's no stopping that freight train, because the cost benefits and ease-of-use benefits are just too great."

Next Steps

Find out why a standardized CASB framework may be necessary

Learn if a CASB should be used to decide when to allow shadow IT

Discover how to strategically implement CASBs in the enterprise

Office 365 migration is easier with prepartion


Dig Deeper on Cloud Computing Infrastructure as a Service (IaaS) Security