Cloud Computing

Cloud risks have a big upside for Skyhigh Networks CEO

I first met Skyhigh Networks CEO Rajiv Gupta three years ago when his company was just finding its feet as a service for analysing and mitigating cloud application risks. Back then I described Skyhigh as a novel startup that you might describe as a “risk registrar”. Things have moved on a bit since it’s fair to say.

Today, five-year-old Skyhigh is at the front of the pack in the cloud access security broker (CASB) category. Analyst firm Gartner defines CASBs as providing “security policy enforcement points, placed between cloud service consumers and cloud service providers”. It also calls this the fastest growing security category ever which, given that security has been the gift that keeps on giving for the security industry, is something. Perhaps predictably, when we speak by phone, Gupta concurs, calling this a category at least the size of the network security segment that spawned giants such as Palo Alto Networks, which last year had about $1.4bn in revenue.

Simply put, Skyhigh’s formula is ‘discover, analyse and secure’; that is, discover the source of threats; analyse their severity; and shut down those issues. It started out as a public cloud specialist, helping CIOs and their lieutenants to understand the risks associated with the big players such as, Microsoft Office 365 and many others. These notably included services such as Dropbox or Gmail that corporate users might lean on to do jobs (send a quick mail from another computer, share a huge file) that the officially sanctioned tools weren’t a good fit for. This issue, sometimes called Shadow IT, has become a plague for many IT bosses that might not even realise what their users are up to in self-crafting IT environments.


Not just public

Today it also handles the in-house programs coded within organisations, a significant shift given the warm embrace currently being given by companies to private, mixed and hybrid cloud approaches, and the growth of AWS, Microsoft Azure et al.

“The discussion has shifted to ‘I’m putting the data in someone else’s datacentre but its private to me and my controls apply to it’,” says Gupta. “People say ‘Do I really need to run my apps, the ones I’ve written myself, in my own private datacentre anymore, or can it sit in a third-party facility?’ We don’t think of British Airways as a software company but they have more developers than many software companies and they need the same security control as a Salesforce needs.”

With Skyhigh, or so the pitch goes, customers get the agility, ubiquity and collaborative features of cloud apps without what Gupta calls the “perils” of the many and proliferating security and governance challenges. The way he sees history, things have come full circle. 

“Before, data was housed in the mainframe and what you cared about was that data. Then the PC came along and the data began to move down to the PC. The internet comes along and I’m worried about all these things that can affect my data so we built the perimeter. Today the data is all out there and my employees aren’t sitting behind a firewall but in Starbucks or wherever. It’s all about the apps and data, always was and always will be.”

Skyhigh’s formula seems to be working. The Californian company today has over 300 staff, over 600 enterprise customers including 40 per cent of the Fortune 500. Skyhigh also counts intelligence agencies and public-sector organisations on its roster.


Red tape

Another wave might come from what’s happening in data privacy and the changing regulatory landscape.

GDPR [the EU’s incoming General Data Protection Regulation] is a big one where we’re seeing a massive growth in our business,” Gupta says. “There’s a tug of war where commerce wants access to data to serve you better, government wants access to data to help make you safe, and you want to control your privacy.”

A lot of people paint GDPR as requiring data is stored locally and only used with clear consent of customers but Gupta’s take is that encrypted data held outside the EU will satisfy regulators, so long as keys are held locally. But, I ask, what about if that encryption gets hacked?

“In security there’s never an absolute, it’s a question of how difficult you make it. We need to find technologies that don’t create balkanisation. You’re making a trade-off. Maybe there’s another way to skin the cat where the keys have to stay locally. It’s too broad to say with GDPR encryption is a ‘get out of jail free’ card but some requirements go away. Those who suffer the largest fines will be those that have not taken care.”

CASBs like Skyhigh would seem to be a good fit for working alongside, or within, the big security software players but Skyhigh could well have enough momentum to take Gupta through to an IPO, not that he’s talking up that option just yet. But he does say that an additional $50m in funding raised last year will soon take the company to cash-flow positive status. That’s fast progress for a company only founded in 2012… and it’s not like those cloud risks are going anywhere soon.


Also read:
Skyhigh aims for clouds with risk register
What we know, and don’t know, about GDPR


« With Djingo, Orange plans to take on Alexa in your home


Carl-Manuel Brachet wants to find jobs for CEOs »
Martin Veitch

Martin Veitch is Contributing Editor for IDG Connect

  • twt
  • twt
  • Mail


Do you think your smartphone is making you a workaholic?