Skip to main content
Skyhigh Security

Version 2.6

What's New for Skyhigh for Shadow IT

Customizable Alert Thresholds

                  Administrators can now set alert thresholds for individual alerts by percentages, so that alerts only trigger if they change by more than the percentage for those scores. For example, if a risk alert is set to 30%, an alert will be triggered if the risk score changes more than 30%.

Print to PDF

                  You can now convert any Executive Summary page into a PDF by clicking the new “Print to PDF” button on the selected page.

Searchable Omnibar Saved Views

                  You most frequently accessed Omnibar saved views can now be searched directly from the Omnibar, instead of having to be accessed from the Saved View menu.

New Login Page

                  The login page has been updated with a more modern design. There is no change to functionality.

Service Governance: Omnibar Querying for Custom Service Attributes

                  Customers can now use the custom Service Attributes to designate certain services as “Approved”, “Denied”, or “Permitted”. This feature improvement enables the Omnibar to search these custom Service Attributes to more easily filter services by approved

Request Cloud Service Additions to Global Registry 

                 Customers can now request new additions to the Global Registry from the Cloud Access Security Broker. When you discover a new service you wish to include in the registry, click the “Add a Service” button on the Global Registry page, enter the necessary information and click submit. This information is sent to our Threat Protection team who will process the request to add the service to our Global Registry within 2-3 days.


What’s New in Skyhigh for Sanctioned IT

Skyhigh for Dropbox

                  Skyhigh CASB for Dropbox enables security teams to evaluate DLP policies against data-at-rest within your Dropbox for Business or Enterprise deployments.

On-Demand Scanning for Google Drive

                  Apply DLP policies to data at rest in Google Drive to identify sensitive information and policy violations that may already be in the cloud.

Improved Skyhigh Secure Content Integrator for Office 365

The Skyhigh CASB Secure Content Integrator for Office 365 provides API connection for SharePoint and OneDrive. Enhancements to our connector application allow the application to be upgraded and deployed to multiple site collections with a single action.

Quarantine Workflow for API-based Encryption

                  Skyhigh CASB for Box now supports a quarantine workflow for API-based encryption so that an original file and its version history can be restored to the end user in event of a false positive.

Time-Based Filter for On-Demand Scan

                  On-Demand Scans can now be run against data that has been updated, uploaded, or created within a specified timeframe.. For example, you can configure a scan to evaluate policies against data that has been added or updated in the last 30 days, which can help to manage scan performance for mature cloud deployments with TB of data.

Auto-Delete Quarantined Files

                  Skyhigh CASB admins now have two choices for how quarantined files can be automatically managed if not acted upon after a pre-defined timeframe. In addition to the preexisting auto-restore, Skyhigh CASB admins can select to have files auto-delete if not manually acted on within a timeframe established by the user.

Additional Quarantine Information

                  The Quarantine interface features a new Response column that specifies whether a file was quarantined or encrypted. The files in the Quarantine interface can be filtered based on quarantine or encrypted. This will assist administrators to more quickly deal with files waiting in quarantine.

Cloud Access Policies

                  Cloud access policies let you control access to the cloud based on a set of user-defined rules. Using cloud access rules, administrators can set rules based on any combination of services, user groups, devices or activities (such as download or upload) and respond by allowing access, blocking access, requiring the registration of the device or requiring step-up authorization. Cloud access policies can even parse SAML attributes to determine authorization for accessing certain services or sites.

SOAP Support in Skyhigh for ServiceNow

SOAP is a web service that allows users to query, modify, read and write list items. ServiceNow has recently introduced SOAP support, and in turn Skyhigh CASB for ServiceNow has introduced support for interacting with ServiceNow through SOAP. Users can connect to ServiceNow through a SOAP interface to directly interact with their ServiceNow content. SOAP support allows Skyhigh CASB users to connect to ServiceNow through the Skyhigh CASB Proxy, take all unencrypted data inside a user’s ServiceNow instance, download it and upload it as encrypted data.

Searchable Symmetric Encryption for Skyhigh for Box

                  Data can now be stored in Box in a format that is simultaneously encrypted and searchable. Only users who connect to Box or Salesforce through the Skyhigh CASB Reverse Proxy will be able to view the encrypted data in plain text or perform the searches. Preview functionality will not be preserved. This is a beta feature that may not be available to all users.

Improved Searchable Symmetric Encryption for Skyhigh for Salesforce

The searchable symmetric encryption for our Skyhigh CASB for Salesforce product can now be applied to larger text fields. Use of Searchable Symmetric Encryption requires use of the Skyhigh CASB for Salesforce search app.

Compatibility Updates for Skyhigh for Salesforce

Our Skyhigh CASB for Salesforce product has been updated to be compatible with Salesforce’s Winter ’16 update to ensure there is no loss of functionality for any Skyhigh CASB features.

Improvements to the Device Registration Portal

The customizable device registration portal can now up to five user input fields. These fields can be defined while setting up the device registration portal and accept a text string that is stored and reported on after end users complete registration. These input labels can be customized based on the end-user’s device type.


For example, administrators may wish to have end users capture their MAC addresses when accessing via a computer or IMEI numbers when using an iOS device while registering their devices.

Internationalized Order Preserving Encryption

Our order preserving encryption allows encrypted data to maintain sort functionality even while encrypted. This update also allows sort behavior even when the encrypted text contains words from multiple languages.


For example, when international users are unable to translate a particular technical term, they may revert to entering the English equivalent. While traditional order preserving encryption cannot maintain sort behavior when the lines contain a mix of different languages, Internationalized order preserving encryption does not have this limitation.


This feature is under limited release. Please contact your customer success manager to enable.

What’s New in Skyhigh Enterprise Connector

Custom Attribute Tokenization

Administrators can now opt to have custom attributes pulled from an Active Directory server (such as a user’s department or location) tokenized before it is sent to the Skyhigh CASB servers. Your data will not be stored in the clear on our servers and tokenization mapping doesn’t leave customer’s premises.

Subnet Aggregation Whitelist

Administrators can now submit a list of Cloud Service Providers they wish to exclude from Subnet Aggregation and therefore be able to drill-down activities for particular user. This whitelist is managed through a CSV file saved in the Enterprise Connector installation home directory.

Proxy Whitelist for Enterprise Connector

Certain customers may find the need to specify certain EC IP addresses to not pass through their proxy configured for communication with external network. The new Proxy Whitelist will allow administrators to configure this list of IP addresses to enable local traffic to bypass the proxy (but can be accessed only via VPN) for inter-EC-communication.

  • Was this article helpful?