Coming Soon in our Next Release

Export or Import Classifications Across Multiple Tenants 

The Skyhigh SSE introduces the ability to export and import data classifications between different tenants, simplifying the management of complex, multi-tenant deployments.

Admins can now perform bulk transfers of validated classifications across global and regional tenants. This eliminates the need to manually recreate complex criteria in each tenant, allowing for the seamless movement of classifications while maintaining full configuration integrity.

Key Benefits

• Consistent Policy Enforcement. Ensure uniform security and compliance standards across your entire organization by sharing identical classification criteria.
• Operational Efficiency. Significantly reduce administrative overhead by eliminating the manual recreation of classifications in each new tenant.
• Error Reduction. Minimize the risk of human error and configuration drift during multi-tenant setup.

 Updated Canadian PII Classification 

This release expands the pre-canned Canadian Personally Identifiable Information (PII) classification to include territorial integration for Yukon, the Northwest Territories, Nunavut, British Columbia, Newfoundland and Labrador, Nova Scotia, Prince Edward Island, and New Brunswick.

The Canadian PII classification has been updated to precisely identify regional data identifiers for these specific territories, ensuring comprehensive data protection across all Canadian regions.

Key Benefits

• Expanded Territorial Coverage. Automatically classify sensitive data specific to Yukon, the Northwest Territories, Nunavut, British Columbia, Newfoundland and Labrador, Nova Scotia, Prince Edward Island, and New Brunswick
• Regional Data Identification. Accurately detect territorial identifiers, including regional driver’s licenses and associated Social Insurance Numbers (SINs)
• Regulatory Compliance. Facilitate strict adherence to both federal and local data privacy regulations throughout Canada

Integrate ICAP-based DLP for Unified Data Protection 

Skyhigh now offers an Internet Content Adaptation Protocol (ICAP)-based DLP service that integrates Skyhigh DLP with third‑party proxies. This capability enables centralized inspection of data in motion without requiring changes to existing network infrastructure. This integration is facilitated by connecting with a third-party web gateway that supports bidirectional ICAP for traffic redirection.

Key Benefits

• Gain full visibility into data in motion across all web traffic from a single policy layer
• Provide ICAP as a service for third- party web gateway or proxies to send traffic for inspection via Skyhigh DLP
• Enforce centralized DLP policies consistently across cloud and on‑premises web traffic
• Ensure secure, encrypted connectivity between proxies and the DLP service for safe content inspection

This enhancement unifies data protection under the Skyhigh Data Protection platform, delivers consistent DLP enforcement across environments, and strengthens data protection through centralized visibility and control over sensitive information in motion.

Access Evidence Details from Incident API 

The incident API response now includes evidenceStorageKey and matchesStorageKey fields for Web incidents. These keys allow SOC teams and integration partners to programmatically retrieve forensic evidence and match highlights directly through the incident API, removing the need for manual data retrieval from the Skyhigh SSE console.

View File Location for CSPs in Data Explorer 

The DSPM has standardized how file and message locations are displayed in Data Explorer across supported Cloud Service Providers (CSPs), namely, O365, S3, Google Chat, OneDrive, Box, and SharePoint. This facilitates admins with intuitive, human-readable paths instead of complex technical identifiers, ensuring consistent and clear visibility across supported Cloud Service Providers (CSPs).

With this enhancement, admins gain a more intuitive and comprehensive view of their data landscape:

• View Human-Readable Paths. Admins can see the exact folder hierarchy for files stored in Google Drive, Box, and OneDrive. This matches the structure found in the native CSP consoles, making it easier to verify file locations.
• Identify Chat Context. For communication platforms like Google Chat and Slack, the Data Explorer now displays critical context such as the sender, timestamp, and the specific conversation or channel name where the data was found.
• Navigate DSPM Events. Precise location data is now accessible for infrastructure-as-a-service (IaaS) events, providing details such as AWS S3 bucket paths and Azure storage account specifics.

By providing clear, actionable location data, this improvement significantly reduces the Mean Time to Remediate (MTTR). SOC teams can now pinpoint the exact source item of a data violation instantly, eliminating the need for time-consuming manual searches across multiple cloud environments.

Minor Enhancements

Automate User Identity Lifecycles with SCIM Provisioning 

Skyhigh now supports System for Cross-domain Identity Management (SCIM)-based provisioning to simplify identity lifecycle management and strengthen Zero Trust enforcement. SCIM establishes your Identity Provider (IdP) as the centralized source of truth for all user lifecycle events, including onboarding, role changes, and offboarding. Skyhigh Security synchronizes updates from the IdP in near real-time to ensure consistent access governance and improve audit readiness.

Key Benefits

Enterprise environments often face fragmented identity management and security gaps due to manual account creation. SCIM-based provisioning addresses these challenges through several key enhancements:

• Zero Trust Enforcement. Newly provisioned users receive no access by default. Users gain access only after an administrator applies the appropriate role mappings in Skyhigh.
• Immediate Access Revocation. When you remove a user from the IdP, Skyhigh instantly revokes their access and moves the account to an inactive state to maintain audit traceability.
• Centralized Governance. Skyhigh restricts individual user-level edits for provisioned users. This ensures that all modifications occur at the IdP or group level for better integrity.
• Operational Efficiency. Group-to-role mapping in Skyhigh allows administrators to map specific roles to IdP groups. Once this mapping is established, any user added to that group in your IdP automatically inherits the assigned permissions. This streamlines user onboarding by eliminating the need for manual, one-by-one role assignments for every new user.  

Automate Google Drive Data Security with Label Responses 

Skyhigh Security enhances its existing Google Drive integration by introducing context-aware classification labels. This capability allows the policy engine to evaluate Google Drive’s sensitive files and automatically apply security or classification labels supporting up to 10 customizable metadata fields per label. Admins can now use classification labels to automatically organize files, improving Data Loss Prevention (DLP). 

Key Benefits

Organizations require automated mechanisms to protect sensitive data stored in Google Workspace. This feature helps:

• Automating Data Security. Administrators can configure policies to automatically tag files that match defined criteria.
• Enhancing Visibility. The system applies classification label responses to files based on the configured DLP policies.
• Improving File Organization. Metadata tagging allows organizations to classify and manage files efficiently without manual intervention.