Skyhigh Private Access provisions secure access to corporate applications from any device and location. Skyhigh Private Access converges with Skyhigh Security Service Edge (SSE), which includes Skyhigh CASB and SWG, to offer unified visibility, granular access control, and end-to-end data protection from a unified cloud management console.
Furthermore, Skyhigh Private Access is integrated with Data Loss Prevention (DLP) and Remote Browser Isolation (RBI) capabilities. You can apply DLP policies to inspect and classify data, prevent inappropriate handling of sensitive data, and block malicious file uploads. With RBI policies, you can protect private applications from risky and untrusted unmanaged devices by isolating the web sessions and allowing read-only access to the applications.
Skyhigh Private Access provides secure access to resources regardless of user or application environment. This ZTNA (Zero Trust Network Access) approach assumes that every access attempt originates from an untrusted network. Access to any resource is denied by default, and explicit access is granted only after the request is authenticated and authorized. Security and access decisions are enforced dynamically based on the identity, device, and user context. Skyhigh Private Access enables tighter network security and micro-segmentation, and limits lateral movement if a breach occurs.
Private Access Use Cases
Skyhigh Private Access ensures that users can only see specific applications and resources explicitly permitted by their corporate security policy.
For example, you can create an access policy that grants a user (Tom) SSH access to one application (GitHub) and HTTPS access to another application (JIRA). Tom can then access GitHub through SSH and JIRA through HTTPS, and is denied access to all other corporate applications and resources.
- Strong authentication — Skyhigh Private Access supports SAML authentication to provide strong authentication and a single-sign-on (SSO) experience. Each connection and session is authenticated based on the access policy and SAML authentication.
- Device security posture compliance — Monitors the device security posture continuously. The device must comply with a set of criteria to gain access to the application. The device profile includes device attributes such as the operating system name and version, the presence of specific antivirus software, whether the fixed disk of the device is unencrypted, and the Enterprise CA certificate.
- Continuous assessment — Every user request and device is authenticated and authorized before granting access. The health of the device and private application is monitored and accounted for continuously.
- End-to-end encrypted secure communication — All communication from Skyhigh Private Access software to a private application is encrypted and facilitated over a secure tunnel.
- Context-aware granular access — Create granular access to specific applications and resources through access policies that limit users to only the applications they are entitled to.
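A minimal model of the default-deny decision described above, combining the Tom example with the device posture attributes (an added example, not Skyhigh's policy engine or configuration syntax). The rule set, the OS baseline, and names such as `decide` and `posture_failures` are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    os_name: str
    os_version: tuple          # e.g. (14, 2)
    antivirus: bool            # required antivirus software present
    disk_encrypted: bool       # fixed disk is encrypted
    enterprise_ca_cert: bool   # Enterprise CA certificate installed

@dataclass(frozen=True)
class Rule:
    user: str
    app: str
    protocol: str

# Constructed policy mirroring the example in the text: Tom gets SSH to
# GitHub and HTTPS to JIRA; nothing else is listed, so nothing else is allowed.
RULES = {Rule("tom", "github", "ssh"), Rule("tom", "jira", "https")}
MIN_OS = {"macos": (13, 0), "windows": (10, 0)}  # constructed baseline

def posture_failures(device):
    """Return the list of posture criteria the device fails (empty = compliant)."""
    failures = []
    minimum = MIN_OS.get(device.os_name.lower())
    if minimum is None:
        failures.append("unsupported_os")
    elif device.os_version < minimum:
        failures.append("os_too_old")
    if not device.antivirus:
        failures.append("antivirus_missing")
    if not device.disk_encrypted:
        failures.append("disk_unencrypted")
    if not device.enterprise_ca_cert:
        failures.append("ca_cert_missing")
    return failures

def decide(user, authenticated, device, app, protocol):
    """Evaluate one request; called on every request, not once per session."""
    if not authenticated:
        return ("deny", "not_authenticated")
    failures = posture_failures(device)
    if failures:
        return ("deny", "posture:" + ",".join(failures))
    if Rule(user.lower(), app.lower(), protocol.lower()) in RULES:
        return ("allow", "explicit_rule")
    return ("deny", "default_deny")   # no matching rule means no access
```

Because `decide` is evaluated per request, a device that falls out of compliance mid-session loses access on its next request even though the matching rule still exists.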
Advantages of Private Access over VPN
Corporate resources moving out of enterprise boundaries (to public clouds and private data centers), user-owned devices, and remote workers have challenged organizations to protect their network and sensitive data. The network-centric approach to security and access is no longer sufficient to protect the company's assets.
A traditional Virtual Private Network (VPN) introduces the risk of excessive data exposure, as any remote user with valid login keys can get complete access to the entire internal corporate network and all resources within it. With remote working becoming the new normal and organizations moving towards cloud-first deployments, organizations now need a new security model that adapts to the complexity of dynamic business environments. Skyhigh Security offers Skyhigh Private Access, an integrated approach to enable granular zero trust access.