INTEGRITY360 LIMITED

Skyhigh Cloud Platform

Skyhigh Cloud Platform is a cloud access security broker (CASB) that enables customers to securely use over 31,000 cloud services. Skyhigh Cloud provides a single cross-cloud platform solution to gain visibility into cloud usage and risks, meet audit and compliance requirements, enforce security policies, and respond to threats.

Features

• Identifies and tracks High Risk Cloud Services
• Delivers comprehensive registry of SaaS, IaaS, and PaaS services
• Summarises cloud usage from across the business
• Sensitive log data tokenised for on premises for security
• Automatically generates scripts for popular firewalls/web proxies
• Collects and analyses firewall logs
• Simple Usage Dashboard: easy-to-understand visual summary of key usage statistics
• Provides a detailed audit trail for forensic investigations and compliance
• Detect and respond to potential data exfiltration attempts
• Encrypts data in transit and at rest in cloud services

Benefits

• Helps protect organisations from reputational damage from cyber-attack
• Capability to self-audit an organisation’s usage of cloud services
• Policy enforcement prevents unauthorised data leakage (DLP)
• Underpins information privacy, security, compliance with detailed reporting
• Highlights the use of ‘Shadow IT’ across the organisation
• Encryption and other features facilitate the secure adoption of cloud-services
• Quickly identifies sensitive datasubjects to compliance-requirements/security-policies.
• Identifies third-party suppliers and the data flows that exist.
• Guides users from unapproved services to business sanctioned alternatives
• Highlights gaps in cloud-policy enforcement and force consistent policy deployment

£16.77 a licence

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

592361599756187

Contact

Paul Momirovski
+44 20 3397 3414
bidreviewboard@integrity360.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: No
• System requirements:
  • Optional Cloud Connector:
  • NIC: 1GB with access to the internet
  • RAM: 8GB min
  • CPU: 8 Cores min
  • HDD: 250GB min
  • Operating System: Windows (32/64 bits) or Linux

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times for questions are as fast as 1 hour for severity 1 questions
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Account Management; Sales Engineer; Support and Maintenance; Support Requests ; Phone, Email & Web 24/7; Technical Support ; Office hours (critical and non-critical issues) M-F 6am-6pm PST (excluding US holidays); Availability for critical issues 24/7; Service Support ; Upgrade notifications Yes; Remote diagnostics Yes; Online Resources ; Documentation Yes; FAQ Yes; User Portal with searchable KB articles; Based on 4 service criticality levels 1 to 4; ; Support is included in the annual subscription for the Skyhigh Cloud Platform Services; Additional support can be purchased which a Technical account manager is allocated to a group of accounts and a customer success manager provides regular quarterly services reviews; Caretower also provide a fully managed service and support contracts
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Skyhigh Security customers are supported all the way through the lifecycle. Expert advice and guidance in offered from our presales team during planning and customers are provided training both on-site and by remote/virtual meetings during the deployment phase. Support is provided 24x7 to cover operation and technical aspects. User documentation is available on-line.; A Customer Success manager from Skyhigh Security is allocated to support customers from and has responsibility to ensure all operational criteria are met and value realised as quickly as possible.; Caretower Paid for Professional Services are also available
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Skyhigh Security provide data extraction of this service as part of their standard user agreement
• End-of-contract process: Data Export and Data deletion at no cost to the customer

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: The dashboard will operate on mobile devices in a restricted manner by the rendering of the device itself and will also not allow de-tokenisation of users unless the device is on the same corporate network as the cloud connector application
• Service interface: No
• User support accessibility: None or don’t know
• API: Yes
• What users can and can't do using the API: The API is not available to the users but is used to control services around the Skyhigh Cloud Platform. ie a functional API not a management API
• API documentation: Yes
• API documentation formats:
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Skyhigh Cloud Platform offers customers various levels of customisation in both the technical functionality and user experience. Customisation and control is available in the Shadow and Sanctioned IT packages allowing various features and control functions to be applied as required. ; The User interface can be customised for the customer with detailed customisation available on the screen rendered dashboard and reports outputs.

Scaling

• Independence of resources: The Skyhigh Cloud Platform is a true multi-tenant cloud environment and as such scales elastically to deal with user load in real time

Analytics

• Service usage metrics: Yes
• Metrics types: Detailed reporting is available for:; • Cloud Services visited; • Activity on the service; • Size of uploads/downloads; • Risk Scoring detail of each cloud service; • Anomalous/Rogue activity of users versus services; • Fully customisable user reports around variable parameters
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Sky High, Trellix, McAfee

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Symmetric data encryption to tenant specific keys and tokenisation
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: This is not a function that users can perform. Skyhigh Security will manage this process as part of the end of contract process
• Data export formats: CSV
• Data import formats: Other
• Other data import formats: None

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: IP Restrictions, IPsec and VPN gateways
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Symmetric data encryption to tenant specific keys and tokenisation

Availability and resilience

• Guaranteed availability: 99.5% is the target availability defined in client contractual documentation.; ; Refunds for service discrepancies are also defined in the contract and may vary per client dependant on criticality of deployment within the organisation.
• Approach to resilience: Skyhigh Cloud Platform is a global service, delivered through globally distributed, fully redundant Points-of-Presence (POP) across the world. Each such POP comprises multiple layers of redundancy, all the way from application functions down to the hardware and ISPs connectivity, as well as redundancy across multiple availability zones. So each PoP by itself is again highly available.; High availability is also provided for automatic failover between POPs to ensure continuity of service in the event of a catastrophic loss. This high availability is provided through Hosted DNS (Domain Name System) and CDN (Content Delivery Networks), which provides 100% Service Level Agreement for DNS resolution with a globally distributed and highly redundant design, extremely rapid propagation updates, and DNS failover as a core feature. ; ; Further details are available to customers.
• Outage reporting: API services exist where customers can run health checks. Any major outages would be advised to the customer by email and SNS with associated resolution activity.; Customers are also able to view the Skyhigh Security trust portal (https://trust.skyhighsecurity.com/mvc/), where availability and scheduled maintenance are shown.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Other user authentication: When a user logs into a sanctioned cloud service, the identity management provider authenticates access and redirects traffic through the Skyhigh Cloud Platform proxy for application of security controls. After an initial device check, customers can choose to allow a direct connection to the CSP, bypassing the Skyhigh Cloud Platform Reverse Proxy for the rest of the session (e.g. for API-integrated CSPs and Managed devices), or choose to seamlessly redirect the user's browser session through the Skyhigh Cloud Platform Reverse Proxy (e.g. for Unmanaged devices) and restrict the use of Native Apps (such as desktop sync clients).
• Access restrictions in management interfaces and support channels: Based on user permissions hierarchy and authentication
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Other
• Description of management access authentication: Skyhigh Cloud Platform fully supports SAML 2.0 and WS-Fed protocols and can therefore integrate with virtually any other identity management solution, not just for O365, but for any other SAML or WS-Fed compatible service.; When an administrator logs into the Skyhigh Cloud Platform portal, the identity management provider authenticates access and provides SSO capabilities. If SSO or 2-factor authentication are not required, an external identity management solution is not required. The Skyhigh Cloud Platform has its own internal user database that provides role-based access controls after the administrator has authenticated"

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Redacted
• ISO/IEC 27001 accreditation date: 30/4/2020
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 25/03/2022
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: N/A
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: Yes
• Any other security certifications:
  • US Fedramp
  • SOC2 Type II
  • ISO27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC2 Type II, ISO27018
• Information security policies and processes: Skyhigh Security has a fully documented security control policy and procedure, as outlined by ISO 27001 and 27018 . Full details available on request.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Skyhigh Security’s Change Management (CM) process provides a framework for the thorough documentation, testing, and evaluation of all proposed changes to the production environment. The CM process mitigates risks to Skyhigh Security production applications. ; ; Process is as follows:; Weekly meetings are held to review pending patches to production systems.; Critical patches including security patches are prioritized and scheduled for implementation as soon as possible; Non-critical patches will be analysed to determine the logical window to schedule the upgrades; ; In cases where downtime is required, system maintenance is during off hours.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Routine vulnerability scanning tests are performed by external companies like Qualys and others and work is created to identify and mitigate vulnerabilities.; For security reason we do not provide vulnerability scan to tenants. We can provide the scan schedule and the remediation plan and result.; Patches applied as soon as vulnerabilities are disclosed. There are multiple sources of threat intelligence.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: A Combination of edge protection provided by Inbound/Outbound next generation firewalls and use of industry leading IPS intrusion protection ; Real-time alerting via SoC/SIEM security incident and event monitoring using Skyhigh Security expert resources
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Skyhigh Security’s incident response procedure ISMS Incident Response Procedure undergoes continuous improvement as a part of our ISMS for ISO 27001. ; The standard process is to open case is via email or phone. All cases are documented. Once the case is opened , the case is assigned to the technical support engineer, who will triage the case based on the information provided by the customer. If they cannot resolve the case within the first 2 hours, the case is escalated to the Senior Escalation Engineer.; Based on the severity and business impact, engineering will resolve issues as appropriate

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Trellix celebrates fresh thinking and soulful work.; Trellix provides an opportunity to change the world – with bigger, better, bolder ideas.; Encourage to: Be disruptive. Be innovative. Be a game changer.; Encourages DEI:; ; Announced a partnership with the Hispanic Alliance for Career Enhancement (HACE) to launch a comprehensive mentorship and educational program and a partnership with Gotara, a global career growth platform for women in STEM+ to close the cybersecurity talent gap.

Pricing

• Price: £16.77 a licence
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at bidreviewboard@integrity360.com. Tell them what format you need. It will help if you say what assistive technology you use.