In a recent interaction, the CCO of Skyhigh Security, Abhay Solapurkar highlights the market needs that the company is addressing in India, future plans, their products, and much more.
What specific market need(s) is Skyhigh security addressing considering the cloud security market is teeming with players across sizes?
Two things influence how the cloud security market interacts with clients today. The first is about enterprises’ digital transformation as they adopt more cloud services and shift more of their apps to the cloud, and the second is about what has unfolded in recent years with the remote workforce. This is especially true in India, due to the country’s enormous IT sector.
In this setting, the basic security model that has worked for decades fails. Previously, it was completely localised, with all personnel in a workplace building and all data in their data centre, which could be surrounded by a high level of protection. Because data is now everywhere, a new sort of security technique is required. Your security must be in the cloud as well, and so this is a relatively new transformation in the security industry.
Skyhigh Security focuses particularly on the Security Service Edge (SSE) market within cloud security. We have developed a completely different approach to cloud security. Concentrate on the data if you want to secure it. So, the policy, the enforcement, everything revolves around the data, regardless of where the data resides. This is known as our data-aware approach. When these security capabilities existed on-premises, you could stack several vendors and have all traffic go through this extremely sophisticated vendor and technology stack in the cloud area. That’s prohibitive because there’s a significant penalty for steering your traffic from one vendor cloud to another, and you’d prefer it to only steer it to one cloud.
Even though Skyhigh Security is a new company, we have strong technical roots. We have a wide range of technology that is over a decade old, and we have been a leader in this cloud journey since before the cloud market ever existed. Many of our products were among the first to hit the market as part of the McAfee Enterprise product range, which also included a large development centre in Bengaluru.
How does SSE differ from Secure Access Service Edge (SASE)?
Gartner coined the term SASE to describe an architecture that combines software-defined wide-area networks (SD-WANs) with a portfolio of cloud-based security tools – including SWG, CASB, and ZTNA. The goal of SASE is to shift from traditional perimeter protections to identity-based controls that securely connect people with data and applications from any device and location, even when they aren’t on the VPN. For large enterprises, transitioning to a full SASE system is a lengthy process. Gartner also introduced Security Service Edge (SSE) in early 2021 as a single-vendor, cloud-centric converged solution that accelerates digital transformation by securing enterprise access to the web, cloud services, Software-as-a-Service, and private applications. It is regarded as a critical component in constructing cloud and networking security capable of supporting increased performance and expansion. Recognizing that all-or-nothing approaches are impractical at a time of urgency, Gartner proposed splitting the security and SD-WAN components and unifying the former under the banner of SSE.
How did the pandemic change you as a leader?
Pandemic has become a game-changer overnight, and some of the generational industry norms have been altered forever. Today, you don’t need your teams to be in the office to provide all kinds of services, and the standard operating norm has become remote/hybrid. The companies will have to adapt and embrace the new beginning. As a leader, one has to focus a lot more on the health, and well-being of the employee and their family. Mental and emotional issues have caused an impact, and as a leader, one needs to lead with a lot more empathy and a high degree of emotional intelligence. As the older norms of governance don’t hold good, trust and employee engagement needs to be handled with a lot more care and love. Employee onboarding must be done a lot more differently, and psychological safety should be a top priority. Leadership is not only about getting results but also about creating a safe, conducive environment for employees to grow, provide feedback, and talk openly about issues impacting their well begin. Leadership in this era requires a different level of finesse, EQ, and ability to lean in, at all levels. Employee connect is also a focus area as folks are working remotely, and we’re only able to connect virtually, so the connection is more important than what was prevalent in the past. Leadership is all about leading with humility and learning to embrace the new era of managing employees remotely and still getting the work done. It is all about the balance between your personal and professional lives, and leaders need to lead to show the path to that fine balance.
Can you tell a bit about your business model, market and competition?
We have created a one-of-a-kind platform that allows us to grow capabilities and meet the needs of numerous ecosystem partners around the world. So, whether the needs are highly controlled or unregulated, we can create for them. We deal directly with customers as well as partners through whom we go to market. We already support 3000 customers worldwide, and our goal is to serve not only huge corporations but also smaller organizations that lack the capacity of larger organizations. Our goal is to simplify and economically democratize access to SSE solutions.
Skyhigh Security can also integrate data loss security from cloud to endpoint platforms, so we partner with hyperscalers while also being their significant clients, as we use some of those cloud providers to support our own products. As customers migrate to the cloud, the ability to see where their data is and how to protect it leads to a plethora of value-added services on top of the platform. We have already started engaging with channel partners to have them begin to put services on top of our platform, which will all be formalized over the next quarter.
What level of technical support is included in your standard SLA?
Our overarching goal is to provide best-in-class support services to our esteemed customers and ecosystem partners, enabling them to maximize their investment in the Skyhigh Security product portfolio. We have designed our support plans to help customers take maximum advantage of our services. At a broad level, we have three care plans: Skyhigh Premium Care Plan, Skyhigh Enterprise Care Plan, and Skyhigh Basic care plan. All products come with the Skyhigh Basic Care Plan, which includes basic deployment, education services, and standard support.
Below the SLA details by Care Plans:
SLAs | Skyhigh Premium Care Plan | Skyhigh Entperise Care Plan | Skyhigh Basic Care Plan |
Sev 1 | 30 min response | 1 hour response | 2- 4 hour response |
Sev 2 | 1 hour response | 2 hour response | 4-8 hour response |
Any niche plans/ambitions in India to become the top player in the security segment?
In February this year, Gartner has recognised Skyhigh Security as the leader in the inaugural Magic Quadrant for Security Service Edge (SSE). We intend to concentrate on that market and improve our expertise in securing cloud workloads. Then we examine our target industries in two ways. There are industries that have a lot of compliance and rules related to their data, and then there are those that don’t. We service a lot of verticals that are extremely regulated, and compliance focused since we focus on data and were one of the first firms to do so, and because we speak their language around data, we can give them the visibility and protection they need in their highly regulated settings. That is why we operate extensively in the financial services, healthcare, and government sectors.
Aside from those sectors, there are others that seek to protect their data but may not employ the language of compliance and regulatory framework that we find in the previously stated verticals. As a result, transitioning from heavily regulated businesses to non-regulated industries is easier than the other way around. We also collaborate with and seek to develop our customer base in large, global IT and manufacturing firms. These are the segments that we will concentrate on in India as well because they have a strong presence there.
What would be the CISOs takeaway from Skyhigh Security?
Indian businesses face the same issues as businesses elsewhere. They are becoming more focused on data and on sharing that data through collaboration among staff, partners, and customers. And they’re doing it mostly in a hybrid work environment, which means that while data is now everywhere, so are employees, customers, and partners. This presents CISOs with a unique issue because they want open flow of data so that everyone may collaborate and work successfully. They still want to be able to protect sensitive data, so when people and data are everywhere, the difficulty becomes managing it all in a secure manner.
What remains true is that most breaches are caused by someone connecting to the network and gaining access to the data, rather than by breaking into these systems, and thus protecting the data through the employees’ eyes is vital. CISOs may secure their sensitive data to a degree by adopting a zero-trust posture, having strong email protection capabilities, as well as web access capabilities, and, of course, robust monitoring and visibility on how individuals are utilising SaaS assets.