Z Services Cloud
Access Security Broker

Shadow IT

Take control of employee-led cloud adoption with continuous visibility into all cloud services in use, real-time governance policy > enforcement, and threat protection

Discover all cloud services in use

Z Services CASB discovers all cloud services in use by employees both on and off-network, including thousands of cloud services uncategorized by firewalls and web proxies. The solution’s usage analytics summarize cloud usage in aggregate and at the department and user level with traffic patterns, access count, and usage trends over time, enabling IT to securely enable cloud services that drive productivity and growth.

Understand the risk of each cloud service

Z Services CASB delivers the largest and most accurate registry of over 20,000 cloud services with a 1-10 risk rating of each service based on a detailed security assessment across 50 objective criteria. Enterprises can modify the weights of these 50 attributes to generate customized risk scores tailored to their own unique risk profile. Cloud provider risk assessments in Z Serǀices CASB’s registry form the foundation of governance workflows and policy enforcement.

Report on cloud usage and risk

Z Services CASB includes pre-built reports and dashboards that summarize cloud usage and risk across multiple dimensions. Users can create their own custom views and reports, which can be shared with other users. Z Services CASB supports periodic email reports on key usage metrics based on customizable report templates. Cloud usage reports can also be downloaded in PDF format or exported in CSV or Excel formats for import into standalone reporting tools.

Enforce cloud governance policies

Z Services CASB enforces governance policies based on cloud service groups. For example, Z Services CASB can assign all file sharing services that claim ownership of data uploaded to the service to a service group and enforce read-only access so users can download data shared by business partners but cannot upload corporate data to these services.

Enforce cloud governance policies

Governance workflow

Z Services CASB groups services based on customer- defined governance criteria, such as approved, permitted, and denied acceptable use categories. Users can manually assign cloud services to a group or automatically assign group membership based on risk rating and specific risk attributes tracked in Z Services CASB’s registry. A governance approval workflow ensures all changes to policy are reviewed and approved by a manager before taking effect.

Integration to firewalls and proxies

Z Services CASB can optionally integrate with firewalls and web proxies to push updated governance policies to existing egress infrastructure, maximizing the value of existing security investments. Policy enforcement can include coaching users to adopt corporate-approved services, enabling services in read-only mode, and blocking users from accessing the highest risk services that lack critical security controls and have unfavorable terms of use.

Identify and close policy enforcement gaps

Z Services CASB maintains the most comprehensive and up-to- date database of cloud provider URLs and IP addresses. Identify gaps in policy enforcement due to inconsistent configuration across egress infrastructure, exception sprawl, and recently introduced cloud provider URLs that are unknown to egress providers, and push updated policies to close gaps in policy enforcement.

Identify and close policy enforcement gaps

Prevent data leakage via unmanaged services

Z Services CASB enforces data loss prevention policies across data bound for unmanaged cloud services in real time. Z Services CASB DLP policies support rules based on keywords, data identifiers, user groups, and regular expressions. Enforcement actions include coach user, block, and notify administrator.

Prevent data leakage via unmanaged services

Detect cloud-based threats

Z Services CASB captures a comprehensive audit trail of all user activity across cloud services for post- incident investigations and forensics. Leveraging user and entity behavior analytics (UEBA), Z Services CASB then analyzes cloud usage and identifies patterns indicative of security breaches, insider threats, and malware exfiltrating data from on-premises systems via unmanaged cloud services. Z Services CASB also integrates with threat intelligence feeds to identify data bound to IP destinations associated with spyware, phishing, and botnets.

Detect cloud-based threats

KEY FEATURES

COMPLIANCE

Cloud Data Loss Prevention
Enforces DLP policies based on data identifiers, keywords, and structured/unstructured fingerprints across data uploaded in real time.
Policy Violation Management
Offers a unified interface to review DLP violations in context and perform remediation to resolve an incident or mark it as a false positive.
Unstructured Data Fingerprinting
Fingerprints sensitive files and detects exact match and partial or derivative matches with a policy-defined threshold for percentage similarity to the original.
Pre-Built DLP Templates
Provides out-of- the-box DLP templates and a broad range of international data identifiers to help identify sensitive content such as PII, PHI, or IP.
Structured Data Fingerprinting
Fingerprints billions of unique values stored in enterprise databases and systems of record and supports exact match detection of each value.
Match Highlighting
Displays an excerpt with content that triggered a DLP violation. Enterprises, not Skyhigh, store excerpts, meeting stringent privacy requirements.

THREAT PROTECTION

Cloud SOC
Delivers a threat dashboard and incident-response workflow to review and remediate insider threats, privileged user threats, and compromised accounts.
Data Exfiltration Analytics
Leverages machine learning to identify traffic patterns indicative of malware or botnets exfiltrating data from on-premises systems via shadow IT cloud services.
Unmatched IP Scanning
Analyzes outbound traffic to unknown destinations to identify malicious sites and services and enforce coarse-level governance policies.
Cloud Activity Monitoring
Provides a comprehensive audit trail of all user and administrator activities to support post-incident investigations and forensics.
Guided Learning
Provides human input to machine learning models with real-time preview showing the impact of a sensitivity change on anomalies detected by the system.

GOVERNANCE

Cloud Usage Discovery
Discovers all SaaS, PaaS, IaaS, and custom applications in use and visually summarizes traffic patterns, access count, and usage over time.
CloudTrust Ratings
Presents allowed and denied statistics and highlights gaps in cloud policy enforcement along with recommendations to close gaps.
Customizable Views and Reporting
Delivers pre-built reports and enables users to create custom views and reports, schedule periodic email reports, and download PDF, Excel, and CSV reports.
Cloud Registry
Provides the world’s largest and most accurate registry of cloud services, including thousands of services uncategorized by firewalls and proxies.
Cloud Service Governance
Provides a workflow to automatically or manually classify services based on risk criteria and enforce acceptable use governance policies through coaching and/or blocking.
Trend Analytics
Displays cloud service trends with 13+ months of data across multiple categories and dimensions to identify usage patterns and facilitate governance policy creation.
Activity Drilldown
Provides clickable drilldown to navigate from service-level upload statistics to granular user-level and event- level statistics with a complete activity feed for additional context.

DATA SECURITY

Contextual Access Control
Enables on-premises and mobile access control policies based on user, device, activity, and geography with coarse blocking and granular view, edit, and download permissions.
Digital Rights Management
Defines a circle of trust for any document and enforces rights management policies through integration with DRM solutions.

platform

Enterprise Connector
Collects logs from firewalls, proxies, SIEMs, and log aggregation products, integrates with LDAP solutions, and tokenizes sensitive data before uploading to the cloud.
Integration with SIEMs
Combine Z Services CASB anomaly and event data with events from other systems and leverage your existing incident remediation process.
Email Alerts
Provides instantaneous or periodic emails for service events including, new breaches, threats or vulnerabilities and user events fine-tuned to a desired threshold.
Flexible Deployment Options
Offers the ability to deploy Z Services CASB in the cloud, on premises as a virtual appliance, or in a hybrid model.
Integration with Firewalls/Proxies
Provides script, API, and ICAP-based integration allowing you to enforce access and security policies consistently across your existing firewalls and proxies.
Integration with MDM
Integrates with mobile device management solutions to enforce access control policies based on whitelisted devices and MDM certificates.
On-Network and Off-Network Support
Supports on-network and off-network access without requiring additional agents.
Comprehensive Deployment Architecture
Leverages a complete coverage model including log analysis, API integration, and inline forward and reverse proxy deployment to support all cloud access scenarios.
One of our cloud enablement specialists would be delighted to show you Skyhigh in action. Request A Demo

Z Services CASB by Skyhigh is the #1 CASB

Breadth of Functionality
Breadth of Functionality
Only CASB to provide DLP, threat protection, access control, and structured data encryption.
Breadth of Coverage
Breadth of Coverage
Only CASB to cover all users across all devices and support all cloud services, including custom apps on IaaS.
Platform Scalability
Platform Scalability
Only CASB that scales to support 2 billion cloud transactions per day at the world's largest global enterprises
Platform Security
Platform Security
Only CASB that is FedRAMP compliant, ISO 27001/27018 certified, and stores no customer data in our cloud.
Get a personalized assessment of all cloud services in use by your employees and their associated risk. Request A Cloud Audit