IT organizations are being asked to police policies they didn’t create, which naturally causes a lot of frustration because they lack the tools to actually accomplish the job.
Skyhigh Networks has announced the availability of Skyhigh Secure, a cloud service that promises to greatly simplify the management of compliance, which will make IT’s job a little bit easier.
According to Skyhigh Networks CEO Rajiv Gupta, Skyhigh Secure is specifically designed to give IT organizations tools to manage access control, application auditing, encryption and data loss prevention (DLP) that encompass mobile, cloud and traditional enterprise applications wherever they reside.
As a service, Skyhigh Secure is based on software that monitors Domain Name System (DNS) traffic as it comes through an Internet exchange service provided by Equinix, which is where the Skyhigh Secure service is actually hosted. That approach not only makes it easier to deploy Skyhigh Secure, Gupta says it creates an authentication architecture based on the Security Assertion Markup Language (SAML) that makes it impossible for end users to do an end run around compliance policies because all Web traffic for the organization is now routed through the Equinix exchange.
Without having to rely on deploying agent software on the client, Gupta adds that IT organizations can develop a baseline of application usage that will make it easier to identify any anomalies in patterns of usage for any particular application.
Ultimately, Gupta says the role of IT should be more focused on enablement than on compliance. But as it stands, in most organizations end users routinely use services that violate compliance policies, and they often wind up paying for capabilities that the organization has already contracted to deliver via another cloud service.
IT compliance issues are similar to the way police forces are asked to enforce ordinances created by city councils—in reality IT doesn’t have the tools or bandwidth to actually accomplish that, in much the same way police forces may not have the proper tools or staff to enforce a wide-reaching ordinance. And though it may come in handy to have that ordinance on the books, in reality the actual ordinance does little to change behavior. The good news is that at least from an IT perspective, the tools for enforcing compliance regulations are starting to catch up to the job that IT organizations are tasked with performing.