There has been a dearth of intelligence reporting on cloud services and up until now we had to rely upon the Verizon Breach Report, Alert Logic’s State of the Cloud report, the Enisa and other reports, but even so there was nothing specifically about a given cloud service outside the lightly used Cloud Security Alliances STAR self-certification. Instead you must imply something about a given service. This has changed. Meeting this need is Sky High Networks.
Sky High Networks provides Software as a Service (SaaS) that Detects cloud services being using within an enterprise by analyzing various system logfiles to determine which cloud services are in use. Furthermore, it usings its cloud service to analyze this data across tenants to rate cloud services and provide a risk score based on placing Personal Identifiable Information (PII) within the cloud. This risk analysis has been performed for over 2000 cloud services. In addition to detection and analysis, Sky High Networks provides a client less approach to control, that will work with many cloud services used by the enterprise.
The cloud service registry can be found at STAR and is tied to CSA’s STAR program.
Using their Detection and Analysis mechanisms, Sky High Networks provides another very important and until now missing report that can be used by enterprise security intelligence teams, IT Automation, and decisions about which cloud services should be allowed from an enterprise. Security teams and CISOs could become cloud enablers by automatically allow clouds services with great ratings while redirecting those with horrible ratings to more secure services.