Skyhigh Security Cloud 7.1.0 Release Notes (June 2026)

Export or Import Classifications Across Multiple Tenants 

The Skyhigh SSE introduces the ability to export and import data classifications between different tenants, simplifying the management of complex, multi-tenant deployments.

Admins can now perform bulk transfers of validated classifications across global and regional tenants. This eliminates the need to manually recreate complex criteria in each tenant, allowing for the seamless movement of classifications while maintaining full configuration integrity. For details, see Export or Import a Classification.

Key Benefits 

• Consistent Policy Enforcement. Ensure uniform security and compliance standards across your entire organization by sharing identical classification criteria.
• Operational Efficiency. Significantly reduce administrative overhead by eliminating the manual recreation of classifications in each new tenant.
• Error Reduction. Minimize the risk of human error and configuration drift during multi-tenant setup.

▶ Explore Navigation Details and User Interface

Navigation Path: To export Classifications, go to Policy > DLP Policies > Classifications > select the classifications to be exported from the Classifications table > Actions drop-down > Export Classifications

Navigation Path: To import Classifications, go to Policy > DLP Policies > Classifications > Actions drop-down > Import Classifications

Updated Canadian PII Classification  

This release expands the pre-canned Canadian Personally Identifiable Information (PII) classification to include territorial integration for Yukon, the Northwest Territories, Nunavut, British Columbia, Newfoundland and Labrador, Nova Scotia, Prince Edward Island, and New Brunswick.

The Canadian PII classification has been updated to precisely identify regional data identifiers for these specific territories, ensuring comprehensive data protection across all Canadian regions. For a list of pre-canned Classifications, see Pre-canned Classifications.

Key Benefits 

• Expanded Territorial Coverage. Automatically classify sensitive data specific to Yukon, the Northwest Territories, Nunavut, British Columbia, Newfoundland and Labrador, Nova Scotia, Prince Edward Island, and New Brunswick
• Regional Data Identification. Accurately detect territorial identifiers, including regional driver’s licenses and associated Social Insurance Numbers (SINs)
• Regulatory Compliance. Facilitate strict adherence to both federal and local data privacy regulations throughout Canada

Integrate ICAP-based DLP for Unified Data Protection  

Skyhigh now offers an Internet Content Adaptation Protocol (ICAP)-based DLP service that integrates Skyhigh DLP with third‑party proxies. This capability enables centralized inspection of data in motion without requiring changes to existing network infrastructure. This integration is facilitated by connecting with a third-party web gateway that supports bidirectional ICAP for traffic redirection. For details, see Integrate ICAP-based DLP for Unified Data Protection.

Key Benefits 

• Gain full visibility into data in motion across all web traffic from a single policy layer
• Provide ICAP as a service for third- party web gateway or proxies to send traffic for inspection via Skyhigh DLP
• Enforce centralized DLP policies consistently across cloud and on‑premises web traffic
• Ensure secure, encrypted connectivity between proxies and the DLP service for safe content inspection

This enhancement unifies data protection under the Skyhigh Data Protection platform, delivers consistent DLP enforcement across environments, and strengthens data protection through centralized visibility and control over sensitive information in motion.

Access Evidence Details from Incident API 

The incident API response now includes evidenceStorageKey and matchesStorageKey fields for Web incidents. These keys allow SOC teams and integration partners to programmatically retrieve forensic evidence and match highlights directly through the incident API, removing the need for manual data retrieval from the Skyhigh SSE console. For details, see Incident API Knowledge Base.

View File Location for CSPs in Data Explorer 

The DSPM has standardized how file and message locations are displayed in Data Explorer across supported Cloud Service Providers (CSPs), namely, O365, S3, Google Chat, OneDrive, Box, and SharePoint. This facilitates admins with intuitive, human-readable paths instead of complex technical identifiers, ensuring consistent and clear visibility across supported Cloud Service Providers (CSPs). For details, see View Objects Detail Card.

With this enhancement, admins gain a more intuitive and comprehensive view of their data landscape:

• View Human-Readable Paths. Admins can see the exact folder hierarchy for files stored in Google Drive, Box, and OneDrive. This matches the structure found in the native CSP consoles, making it easier to verify file locations.
• Identify Chat Context. For communication platforms like Google Chat and Slack, the Data Explorer now displays critical context such as the sender, timestamp, and the specific conversation or channel name where the data was found.
• Navigate DSPM Events. Precise location data is now accessible for infrastructure-as-a-service (IaaS) events, providing details such as AWS S3 bucket paths and Azure storage account specifics.

By providing clear, actionable location data, this improvement significantly reduces the Mean Time to Remediate (MTTR). SOC teams can now pinpoint the exact source item of a data violation instantly, eliminating the need for time-consuming manual searches across multiple cloud environments.

▶ Explore Navigation Details and User Interface

Navigation Path: To view the file location in DSPM Data Explorer, go to Analytics > DSPM Data Explorer > select chart view > select a Classification and Object Name using filters > click an applicable object from the results.

Minor Enhancements 

Automate User Identity Lifecycles with SCIM Provisioning 

Skyhigh now supports System for Cross-domain Identity Management (SCIM)-based provisioning to simplify identity lifecycle management and strengthen Zero Trust enforcement. SCIM establishes your Identity Provider (IdP) as the centralized source of truth for all user lifecycle events, including onboarding, role changes, and offboarding. Skyhigh Security synchronizes updates from the IdP in near real-time to ensure consistent access governance and improve audit readiness. For details, see Getting Started with SCIM Integration. 

Key Benefits

Enterprise environments often face fragmented identity management and security gaps due to manual account creation. SCIM-based provisioning addresses these challenges through several key enhancements:

• Zero Trust Enforcement. Newly provisioned users receive no access by default. Users gain access only after an administrator applies the appropriate role mappings in Skyhigh.
• Immediate Access Revocation. When you remove a user from the IdP, Skyhigh instantly revokes their access and moves the account to an inactive state to maintain audit traceability.
• Centralized Governance. Skyhigh restricts individual user-level edits for provisioned users. This ensures that all modifications occur at the IdP or group level for better integrity.
• Operational Efficiency. Group-to-role mapping in Skyhigh allows administrators to map specific roles to IdP groups. Once this mapping is established, any user added to that group in your IdP automatically inherits the assigned permissions. This streamlines user onboarding by eliminating the need for manual, one-by-one role assignments for every new user.  

▶ Explore Navigation Details and User Interface

Navigation Path: To view the SCIM-provisioned users, go to Settings > User Management > Users and Roles > select the Users tab.

NOTE: In the example below, you can see users who have been pushed from the IdP. The Linked Group column shows their respective IdP groups, while the Role(s) column remains unassigned, indicating that Skyhigh role mapping has not yet been applied.