April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Skyhigh Networks earns FedRAMP certification, becomes only cloud access security broker approved to serve all federal agencies
By Steve Bittenbender
Editor, Government Security News
Earlier this week, Skyhigh Networks announced it achieved Federal Risk and Authorization Management Program certification, and it was a moment of great pride for the company, said Kevin Jones.
The certification, better known as FedRAMP, is a government initiative that standardizes security assessment for cloud-based products and services. Not only did the California-based company become one of less than 100 companies to achieve this lofty status – joining the ranks of Microsoft and Salesforce – it also became the only cloud access security broker that’s allowed to provide cloud services to all federal government agencies, said Jones, who serves as Skyhigh’s senior director for public sector sales.
With a FedRAMP certification, it reduces the costs associated for agencies needing to conduct security assessments on their solution providers. In some cases, that can reduce costs by up to 40 percent.
More scrutiny has been paid to federal data security since the revelation last year that the Office for Personnel Management’s servers were breached. In all, the records of more than 22 million people – including government employees, contractors, applicants and their family members – were compromised. That included exposing Social Security numbers and, in some cases, fingerprint files.
Skyhigh’s CASB is a software-as-as-service offering that lets agencies become more aware of their cloud usage and the associated risks. While helping them meet compliance standards, Skyhigh’s service also helps detect and respond to threats to the network.
It also enables agencies to encrypt data using their own controlled encryption keys. In addition, Skyhigh can work with government agencies – including those in local and state governments – to allow authorized users to access secure data in a “bring your own device” environment.
“With pervasive cloud control regardless of how or from where or from what device the cloud service is accessed from, we’ll be able to leverage directly through an in-line link to the agency,” Jones said. “That basically provides seamless control for that cloud traffic regardless of how the service is accessed.”
But Skyhigh doesn’t just deliver a secure solution, Jones said. Agencies have run tests that indicate users accessing data on Skyhigh’s cloud service can get files just as quickly, if not faster, than through a networked terminal.
To earn the FedRAMP certification, Skyhigh needed to submit a security assessment package that was thoroughly reviewed by accredited third-party organizations. Jones said the process is arduous but considering what’s at stake, it’s understandable.
“There’s a scuttlebutt about just how FedRAMP is challenging CSPs and the time that it takes” to achieve certification, he said. “This is a big deal. I don’t believe the government is willing to lower its standards just because the process to get there is challenging. That makes it all the more worth it. There’s less than 100 compliant CSPs on the planet, and we’re just very, very proud to be one of them.”
In addition to serving local, state and federal agencies, Skyhigh also provides cloud security and enablement solutions to more than 500 companies. Aetna, General Mills, HP and Western Union all use Skyhigh to ensure their cloud usage is secure and compliant.