Skyhigh Security Reviews

The user analytics.

We were able to analyse our user activity, which helped us to identify the associated risks.

Improve the user interface (UI) of the tool and make it user-friendly.

Three years.

Yes.

Yes.

Yes.

A six out of 10.

A seven out of 10.

No.

I was not part of the setup.

A vendor team did the implementation. I would give them a seven out of 10 on their expertise.

I have no idea of what it is.

No.

Skyhigh Box

It makes our work easier.

Cloud computing.

Almost a year.

No.

No.

No.

It is a nine out of 10.

It is a nine out of 10.

No.

The initial setup was straightforward.

Implemented in-house.

It is confidential.

It is very easy.

No.

Sanctioned IT.

To analyse cloud traffic.

Reports.

One year.

No.

No.

No.

An eight out of 10.

A seven out of 10.

No.

Implemented through a vendor team. Their expertise was advanced.

Positive.

Go with the licensing.

Nope.

• Tokenization
• User analytics

• Identification of user activity
• Login information

De-tokenization.

More than one year.

Not for now.

No.

No.

Good.

Good.

No.

Straightforward.

We used a vendor team.

I do not know.

It is affordable. Skyhigh has some good features.

No.

• Box API features with DLP capabilities
• Shadow IT

Our organization is moving much of its non-sensitive data to Box. We needed the ability to have full visibility into what was occurring within the Box infrastructure, from Skyhigh to Box API integration.

SkyHigh has the ability to place users or groups on a ‘Watchlist’; which allows you to see certain views with these Watchlists users/groups in them. This is great when you are looking at live data but if I wanted to generate a report on "only" the watchlists.

Two and a half years.

No.

Skyhigh has been improving their product and releasing upgrades on a consistent basis. Now, the stability and speed are greatly improved. Looking forward to their next major release.

No, since I am able to use my blue coat logs.

A 10 out of 10

A nine out of 10.

No.

Straightforward. Guidelines and instructions are very easy to follow.

Our implementation was in-house. Since the deployment of this cloud access security broker (CASB) was rather simple, there was no need to bring in a third-party vendor.

The biggest thing to watch for is the difference in price per monitored user for the different API integrations. We currently only use the Box API, but we thought about using the Salesforce one. However, it was drastically more expensive per user. We are starting to look at the 365 monitoring since we may migrate there soon, but I have not looked at the pricing for it yet.

No.

• Shadow IT
• Sanctioned IT

High-risk services

De-tokenization.

One year.

Yes.

No.

Yes.

A six out of 10.

A six out of 10.

No.

• Skyhigh's Shadow IT capability
• Cloud Risk Registry
• DLP policies and anomalies

We are able to see what cloud services are being used with more clarity than with our proxies. More importantly, we can identify that we are using many cloud services in which we were not aware that they were even cloud services, especially collaboration services. The cloud risk registry has been great for getting a quicker and clearer understanding of the risk of proposed services that we are looking at allowing. Previously, we were paying for expensive industry reports.

Finally, anomalies are key players to identify the intruders in an organization.

1. The Skyhigh for Google Drive interface and policy engine is a bit confusing and limited when compared against other Google Drive CASB capabilities.
2. The de-tokenization process
3. Data anomalies

More than two years.

Yeah, a little bit.

Sometimes.

No.

Excellent.

Excellent.

No, we haven't

The vendor team was excellent.

Good.

Not applicable.

Skyhigh provided a FedRAMP solution, tokenization, a better shadow IT capability, and lower cost.

Netskope.

Needs stability and additional new features.

All the information available on each service, including its risk assessment. Service groups, automatic assignment of services based on designated conditions, and the ability to utilize multiple log sources for the data.

Provides quite a bit of visibility into cloud services being utilized in our environment. I've been able to take the data available in Skyhigh and create discussions about whether we should be allowing or blocking certain services. This has also allowed us to start developing policies/procedures around new services which get introduced into our environment.

Iron out the few bugs that I've seen.

Less than one year.

None that I'm aware of.

No issues with stability.

No issues with scalability.

A 10 out of 10.

A 10 out of 10.

We did not previously use a different solution.

Unknown, as I was not involved in the setup process.

Unknown, as I was not involved in the procurement process.

Unfortunately, I don't have this information.

Not applicable, as I was not involved in the decision to go with this product.