Skyhigh Networks raises $20M to control unauthorized cloud programs used in the enterprise

By Richard Nieva , written on May 22, 2013

From The News Desk

It’s hard to ignore the promise of the cloud. But it’s still tough to get adoption from many large enterprises because of security concerns that have to do with unprotected company data on offsite storage centers.

On top of that, it’s hard to keep track of just what cloud-based programs employees are using on their devices, from Salesforce to Dropbox to YouSendIt, to any number of others services. Each external connection means one additional potential security vulnerability, multiplied by thousands of people. Cupterino, CA-based Skyhigh Networks aims to solve that problem and make those cloud-based programs more IT-friendly by stealthily commandeering workers' devices remotely. Today the company announced a $20 million Series B led by Sequoia Capital, with participation from Greylock Partners.

Here’s how the security system works: The software has a “searchlight” feature that detects what cloud programs are being used to handle company data. With employees so enamored with bringing their own personal mobile devices to work, that means a lot more programs in use than were approved by companies’ IT departments. CEO and cofounder Rajiv Gupta mentions one large company, with more than 100,000 employees and contractors, which had authorized about 90 cloud-based programs for use. After running Skyhigh over a couple of months, the company discovered about 900 programs in use.

When the software finds an unapproved program, it assesses how big a risk that program is. If it’s too much of a risk, IT can block it from handling company data. Or it can do things to the program to make it more compliant. For example, it can give IT control over who accesses files and from what location, or give IT the power to encrypt information, like masking credit card numbers. The service can also monitor unusual behavior from such accounts. Gupta mentions one instance where Skyhigh detected a spam attack because a baffling thousand Tweets were sent out from an account in one day.

Gupta says that one of most common higher-risk unauthorized programs that Skyhigh has uncovered for many client companies is a service called 4share. It ranks a 6 out of ten on the risk meter because it lets users share files anonymously.

Aaref Hilaly, a partner at Sequoia, is quick to point out that the service is “respectful to an end user," not affecting any other non-work-related part of an employees personal device, and not requiring anything to be downloaded.

The cloud security space has been heating up for quite some time. While Skyhigh is focused on cloud management and discovery, there are a number of formidable competitors in the general space, including Ionic Security and CipherCloud. Skyhigh’s big infusion of funds will help its growth. Gupta says the money will go to building out sales and engineering teams.

Skyhigh’s funding announcement doesn’t come free of hyperbole. The company guarantees it will find at least 30 cloud-based programs in 30 minutes that IT departments have not approved. If it doesn’t, Skyhigh will pay for 30 months of Netflix for participants. But the offer comes across as a toothless marketing ploy since the company is so confident it will be able to find at least 30 services. I asked Gupta what “participants” means, and he wasn’t quite sure how a payout would work.

Perhaps there is a little irony to the fact that Netflix is famously one of the biggest companies running on Amazon Web Services, the company’s cloud storage offering.

Update: In an email, Gupta wanted reiterated that the Netflix guarantee is a formal, redeemable offer: "By 'participants' we mean that one person (one subscription per company) will receive 30 months of Netflix if we are unable to discover 30 unknown services in 30 minutes.  It’s up to the company to decide who gets it."