digital-fingerprint-identification

Skyhigh’s Security Services Edge approach

Estimated reading time: 4 minutes

Symphony Technology Group (STG)  is a very strategic cybersecurity investor and one of the largest private equity investors in the cybersecurity space.

The solutions that its latest company, Skyhigh Security, offers is also a new category defined by Gartner recently as Security Services Edge (SSE).

Its  APJ VP, Craig Nielsen, said, “What Gartner is attempting to do is say there is a better way to look at the security capabilities around SASE. SASE or Secure Access ServiceEdge, is massive. It is a large set of capabilities and what Gartner wanted to do was define the core cloud-based security components that support SASE infrastructure.”

It is important to be able to manage this complexity because operational friction and policy gaps due to fragmented systems are making organisations very vulnerable.

Craig opined that these capabilities exist today as siloed capabilities and what SSE is suggesting is that there is a better approach to consolidating it all into a single control plane, to be able to manage, operate, and protect an environment.

“So, the benefits of our simplifying and consolidating these components into a single control plane is operationally and from a cost perspective, very impactful,” he said.

It is important to be able to manage this complexity because operational friction and policy gaps due to fragmented systems are making organisations very vulnerable.

SASE and SSE

At a high-level SASE thinks a lot about networking components and software-defined networking, virtualisation, and cloud.  

Craig added that it would also take into account security considerations, and SSE is one of these security considerations that would support a SASE infrastructure.

“We are allowing customers to protect data, wherever that data may be and have the policies associated with that data to move with it. And that is extremely powerful.”

Tangible examples of these would be web gateways, CASB services, remote browser isolation (RBI) capabilities, and even zero trust network access (ZTNA) capabilities.

“The problem SSE solves is connecting users securely to the services they require, be it on public cloud, SaaS apps, or private apps.”

Craig opined that Skyhigh has a particularly strong offering because it does not only provide zero trust access components for users to access services, but it also does this via a single control plane.

“We are allowing customers to protect data, wherever that data may be and have the policies associated with that data to move with it. And that is extremely powerful.”

User benefit

 From a users’ perspective it is just really easy to access your platforms, while providing really fine-grained security controls for the back-end security teams.

Besides authenticating their identity with the latest cloud-based authentication capabilities that supports zero-trust policies, there is Skyhigh’s platform which looks at a users’ rights to access services as well as the data they are accessing, transferring to the cloud, or downloading from the cloud.

“There are some fundamentals that everyone is doing around access controls. And then, there are capabilities that we overlay on top of it,” Craig said.

Admins would be able to do a posture analysis of a device that is accessing a service, to determine whether the device has the necessary security patches that the organisations would want it to have.

Besides authenticating their identity with the latest cloud-based authentication capabilities that supports zero-trust policies, there is Skyhigh’s platform which looks at a users’ rights to access services as well as the data they are accessing, transferring to the cloud, or downloading from the cloud.

“What we would then do seamlessly, is invoke remote browser isolation (RBI). So that engagement is pushed off to a RBI session which is another method of protecting a company because it mitigates the risk of that user’s machine being compromised, if they are found to be not patched to the right level,” Craig said adding that we could think of it as a type of browser sandboxing.

“Now, we are offering that as part of our standard solution. The critical thing in cybersecurity is if you have ten controls from ten different vendors, it gets very difficult for organisations to operationalise those platforms, unify policy, to train its people, and so on.

Admins would be able to do a posture analysis of a device that is accessing a service, to determine whether the device has the necessary security patches that the organisations would want it to have.

“And so if we can unify RBI, web gateways, CASB (cloud access security broker), and private access under a single platform, we can improve operations and costs significantly, in an organisation.”

Moving forward

Craig observed a fast-moving market that wants to partner with a vendor that looks ahead. “We are innovating at high velocity, looking ahead and around the corner.”

“We are accelerating innovation and innovating in the right areas that we think our customers are looking for use case improvement from the market and from its vendors.”

This could not come at a better time as he shared a Gartner view that 15-percent of organisations are making security service edge decisions (SSE) in a consolidated way.

“And they say that by 2025, 80-percent of organisations will choose a consolidated SSE vendor. We are also seeing that shift happen in the marketplace in APJ.”

Craig concluded, “We’re run off our feet with POCs across ASEAN, helping customers think of the opportunities around unifying those platforms.”