What's New for Skyhigh for Shadow IT
Administrators can now set alert thresholds for individual alerts by percentages, so that alerts only trigger if they change by more than the percentage for those scores. For example, if a risk alert is set to 30%, an alert will be triggered if the risk score changes more than 30%.
You can now convert any Executive Summary page into a PDF by clicking the new “Print to PDF” button on the selected page.
You most frequently accessed Omnibar saved views can now be searched directly from the Omnibar, instead of having to be accessed from the Saved View menu.
New Login Page
The login page has been updated with a more modern design. There is no change to functionality.
Service Governance: Omnibar Querying for Custom Service Attributes
Customers can now use the custom Service Attributes to designate certain services as “Approved”, “Denied”, or “Permitted”. This feature improvement enables the Omnibar to search these custom Service Attributes to more easily filter services by approved
Customers can now request new additions to the Global Registry from the Cloud Access Security Broker. When you discover a new service you wish to include in the registry, click the “Add a Service” button on the Global Registry page, enter the necessary information and click submit. This information is sent to our Threat Protection team who will process the request to add the service to our Global Registry within 2-3 days.
What’s New in Skyhigh for Sanctioned IT
Skyhigh CASB for Dropbox enables security teams to evaluate DLP policies against data-at-rest within your Dropbox for Business or Enterprise deployments.
On-Demand Scanning for Google Drive
Apply DLP policies to data at rest in Google Drive to identify sensitive information and policy violations that may already be in the cloud.
Improved Skyhigh Secure Content Integrator for Office 365
The Skyhigh CASB Secure Content Integrator for Office 365 provides API connection for SharePoint and OneDrive. Enhancements to our connector application allow the application to be upgraded and deployed to multiple site collections with a single action.
Quarantine Workflow for API-based Encryption
Skyhigh CASB for Box now supports a quarantine workflow for API-based encryption so that an original file and its version history can be restored to the end user in event of a false positive.
Time-Based Filter for On-Demand Scan
On-Demand Scans can now be run against data that has been updated, uploaded, or created within a specified timeframe.. For example, you can configure a scan to evaluate policies against data that has been added or updated in the last 30 days, which can help to manage scan performance for mature cloud deployments with TB of data.
Auto-Delete Quarantined Files
Skyhigh CASB admins now have two choices for how quarantined files can be automatically managed if not acted upon after a pre-defined timeframe. In addition to the preexisting auto-restore, Skyhigh CASB admins can select to have files auto-delete if not manually acted on within a timeframe established by the user.
Additional Quarantine Information
The Quarantine interface features a new Response column that specifies whether a file was quarantined or encrypted. The files in the Quarantine interface can be filtered based on quarantine or encrypted. This will assist administrators to more quickly deal with files waiting in quarantine.
Cloud Access Policies
Cloud access policies let you control access to the cloud based on a set of user-defined rules. Using cloud access rules, administrators can set rules based on any combination of services, user groups, devices or activities (such as download or upload) and respond by allowing access, blocking access, requiring the registration of the device or requiring step-up authorization. Cloud access policies can even parse SAML attributes to determine authorization for accessing certain services or sites.
SOAP Support in Skyhigh for ServiceNow
SOAP is a web service that allows users to query, modify, read and write list items. ServiceNow has recently introduced SOAP support, and in turn Skyhigh CASB for ServiceNow has introduced support for interacting with ServiceNow through SOAP. Users can connect to ServiceNow through a SOAP interface to directly interact with their ServiceNow content. SOAP support allows Skyhigh CASB users to connect to ServiceNow through the Skyhigh CASB Proxy, take all unencrypted data inside a user’s ServiceNow instance, download it and upload it as encrypted data.
Searchable Symmetric Encryption for Skyhigh for Box
Data can now be stored in Box in a format that is simultaneously encrypted and searchable. Only users who connect to Box or Salesforce through the Skyhigh CASB Reverse Proxy will be able to view the encrypted data in plain text or perform the searches. Preview functionality will not be preserved. This is a beta feature that may not be available to all users.
Improved Searchable Symmetric Encryption for Skyhigh for Salesforce
The searchable symmetric encryption for our Skyhigh CASB for Salesforce product can now be applied to larger text fields. Use of Searchable Symmetric Encryption requires use of the Skyhigh CASB for Salesforce search app.
Compatibility Updates for Skyhigh for Salesforce
Our Skyhigh CASB for Salesforce product has been updated to be compatible with Salesforce’s Winter ’16 update to ensure there is no loss of functionality for any Skyhigh CASB features.
Improvements to the Device Registration Portal
The customizable device registration portal can now up to five user input fields. These fields can be defined while setting up the device registration portal and accept a text string that is stored and reported on after end users complete registration. These input labels can be customized based on the end-user’s device type.
For example, administrators may wish to have end users capture their MAC addresses when accessing via a computer or IMEI numbers when using an iOS device while registering their devices.
Internationalized Order Preserving Encryption
Our order preserving encryption allows encrypted data to maintain sort functionality even while encrypted. This update also allows sort behavior even when the encrypted text contains words from multiple languages.
For example, when international users are unable to translate a particular technical term, they may revert to entering the English equivalent. While traditional order preserving encryption cannot maintain sort behavior when the lines contain a mix of different languages, Internationalized order preserving encryption does not have this limitation.
This feature is under limited release. Please contact your customer success manager to enable.
What’s New in Skyhigh Enterprise Connector
Administrators can now opt to have custom attributes pulled from an Active Directory server (such as a user’s department or location) tokenized before it is sent to the Skyhigh CASB servers. Your data will not be stored in the clear on our servers and tokenization mapping doesn’t leave customer’s premises.
Subnet Aggregation Whitelist
Administrators can now submit a list of Cloud Service Providers they wish to exclude from Subnet Aggregation and therefore be able to drill-down activities for particular user. This whitelist is managed through a CSV file saved in the Enterprise Connector installation home directory.
Certain customers may find the need to specify certain EC IP addresses to not pass through their proxy configured for communication with external network. The new Proxy Whitelist will allow administrators to configure this list of IP addresses to enable local traffic to bypass the proxy (but can be accessed only via VPN) for inter-EC-communication.