Skyhigh Security Cloud Data Retention
This is the data retention policy for the Skyhigh Security Cloud Platform, including all products and components.
The data retention policy for web access log data is set by Skyhigh Security. Collected data is kept in the databases for 100 days. Customers can purchase the SSE Data Retention option to restore the data for 365 days. It is deleted immediately after this retention period or, prior to this, upon receiving written instruction from a customer.
The data in the Skyhigh CASB for Shadow IT cloud infrastructure is aggregated on a daily, weekly, and monthly basis. Aggregation keeps daily data for 45 days, weekly data for 13 weeks, and monthly data for 14 months. Daily data is rolled up to weekly, and weekly is rolled up to monthly. Any data older than 14 months is deleted by default. Sanctioned data is set at 100 days unless the Skyhigh SSE Data Retention option is purchased which extends the data retention for a full year (10% of the price of the applicable Skyhigh Security Service Edge subscriptions being sold or renewed. The 10% applies for all deals $200K or above. For deals under $200K, the addon is a flat charge of $20K).
Skyhigh CASB's data retention policy applies to Sanctioned and Shadow data differently.
| Sanctioned Data | Shadow Data | |||||||
|---|---|---|---|---|---|---|---|---|
| Threats | Anomalies | Activities | Incidents | Audit Logs | Reports | Monthly | Weekly | Daily |
| 100 days | 100 days | 100 days | 100 days | 100 days | 100 days | 13 months | 13 weeks | 45 days |
The Sanctioned Data is governed by the total count of incident number per incident type. By default, the maximum number of incidents is 2M. If you have purchased the Extended Sanctioned Data Plan, your data retention period for Sanctioned Data is 12 months instead of 100 days, and the maximum number of incidents is 7M.
If you would like to extend your data retention, contact Skyhigh Security Sales.
For details about Data Retention for GDPR, see About the GDPR.
Web policy data retention time is not determined by Skyhigh Security. This retention time is under the control of the customers.
Infrastructure/operational logs and telemetry data retention times depend on operational needs and legal requirements.
Policies
Skyhigh Security’s Data Privacy Page is posted on our Legal Homepage. In addition to the Privacy Notice, Skyhigh’s standard Customer Data Processing Agreement and Cloud Services Agreement are also posted on the homepage.
Termination of Contract and Return of Stored Data
Musarubra (Skyhigh Security) agrees to negotiate terms upon your decision to pursue the Musarubra (Skyhigh Security and Trellix) solution. Musarubra (Skyhigh Security and Trellix) will meet the options defined in the termination of a service contract. Musarubra (Skyhigh Security and Trellix) acknowledges that returning/erasing customer data upon termination of an agreement is a requirement as per the GDPR.