infoTECH Feature

January 28, 2014

CloudTrust Program from Skyhigh Networks Delivers Comprehensive Security Assessment for Cloud Services

You hear about it all the time: A security lapse in a cloud-based service causes some needless damage at a large company; or, an SMB wants to make use of cloud services but has no idea where the potential security risks might be, and has absolutely no idea what questions to ask of a potential cloud service provider to determine if the service is safe to use; and any security permutations in between these.

Wouldn't it be great to be simply know that a cloud services provider and their services can be trusted, or to be able to know ongoing that a once-reliable service is still reliable, all without the need to expend a great deal of vigilance, energy and cost (whether in actual dollars or in otherwise lost productivity) on your end?

Yes, it certainly would. The good news is there is a company for that - Skyhigh Networks. The other day we caught up with Rajiv Gupta, CEO and founder of Skyhigh Networks to dig into what it is Skyhigh brings to the game and to get a handle on why the company believes it can be trusted.

The company, still more or less a startup, has an experienced cloud security team in place, and is backed with funding from both Greylock Partners and Sequoia Capital (News - Alert) - two of the elite among venture capital companies. The company already has a number of customers in financial services, professional services, healthcare, high technology, media and entertainment, manufacturing, and legal verticals. In fact, some of them are rather extremely large businesses.

Skyhigh's goal is a simple one - to allow companies to easily embrace cloud services with the assurance that the vendor and service they embrace delivers appropriate levels of security, compliance, and governance. Further, the company sees it as its responsibility to ensure that companies can embrace cloud services with as little risk as possible at a cost that is affordable.

Based on a subscription model, Skyhigh offers services that the IT and/or security team of a company of any size, but typically one in the range of 1,000 to 100,000 or more users, can quickly get up to speed on and manage internally. Skyhigh is, of course, a cloud-based service as well, and one that Rajiv tells us is also subject to being evaluated by its own tools.

In order to add additional valuable insights into the cloud services provider industry, yesterday Skyhigh announced a new service that it refers to as the Skyhigh Cloudtrust Program. Designed and built on an in-depth set of criteria consisting of 50 different attributes developed in conjunction with the Cloud Security Alliance (CSA), the CloudTrust Program provides what Skyhigh believes to be an objective and comprehensive assessment of a cloud service provider's security capabilities.

Because Skyhigh produces an extensive, current, impartial and ongoing analysis of security capabilities for thousands of cloud services, it is able to maintain a detailed database that allows the company to offer such a service. As we and most anyone else in the tech industry knows, the single greatest barrier to cloud adoption is the issue of security. Rajiv and his team determined that being able to deliver an objective and brutally honest third-party assessment of cloud services would serve to drive cloud adoption forward.

We certainly can't argue with that. Rajiv is proud to note that the company has no cloud services providers as customers. As we both jokingly noted during our call, if the company had any such customers we would have to hang up and forget about the call we were having - and though we say "jokingly," we weren't really joking. Objectivity is at the core of Skyhigh's brand identification and its values; it is what makes it a trusted business.

One of the inherent barriers to cloud adoption - specifically with regard to security issues - is that the processes required to evaluate the security capabilities of a cloud service provider will be expensive, inexact, and always time consuming. The Skyhigh CloudTrust Program explicitly addresses this problem by providing an objective and comprehensive analysis of a service’s security controls and enterprise readiness.

To accomplish this, Skyhigh evaluates thousands of cloud services and awards the "Skyhigh Enterprise-Ready" rating and certification to only those services that fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection. Those 50 attributes we noted earlier are used to evaluate cloud service providers across data, user and device, service, business, and legal attributes. It is assuredly comprehensive.

Rajiv notes that, "There’s no shortage of companies claiming that they are enterprise-ready but assessing these claims is a very expensive and time-consuming process and IT teams are not staffed to handle the tens of requests every week. With our CloudTrust program, we bring third-party objectivity and transparency to streamline the evaluation process so that IT can rapidly provide their employees with the most secure services on the market that are well beyond adequate to meet a company's needs."

One of Skyhigh's larger customers – although, in fact, not quite its largest – is Cisco (News - Alert). Jens Meggers, Cisco VP, Collaboration Technology Group, provides a very interesting perspective on Skyhigh - as well as a perspective that encompasses a very large scale business case.

He says, “Our customers utilize WebEx web conferencing solutions to have collaborative and dynamic meetings anytime, anywhere. But just as importantly, our WebEx products are delivered through the Cisco WebEx Cloud which provides the highest levels of performance and security. Because enterprise-grade security, high availability and scalability levels are of utmost importance to Cisco, we are honored to be rated as a Skyhigh CloudTrust 'enterprise-ready' solution."

For Skyhigh, part of the value it offers to its customers (and we should add, to non-customers as well) is the certification is bestows on the cloud providers. The Skyhigh certification is taken quite seriously by the industry - it is the ultimate seal of approval - and one that Skyhigh is not shy about taking away if a provider fails to meet any of those 50 attributes that comprise Skyhigh's ongoing security checks.

What more can a business that is considering cloud services ask for? For that matter what more can a business that already uses cloud services ask for?

Cloud4SMB Expo, collocated with ITEXPO (News - Alert) in Miami, Fla. this week delves into what the cloud can do for small and medium businesses seeking to leverage the benefits of cloud computing solutions. On Wed., Jan. 29 at 9 a.m. a session titled, “Why the Cloud is Your Path to SMB Revenue,” will explain why cloud is your security blanket for growing your business beyond your traditional models.

Edited by Blaise McNamee

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers