Skyhigh Security 、SSEクラウドプラットフォーム全体でSOC 2 Type II準拠Skyhigh Security

By Sarang Warudkar and Stuart Bayliss -

April 30, 2026 5 Minute Read

Security compliance is not a moment in time; it is a sustained commitment. Today, we are proud to announce that Skyhigh Security’s Security Service Edge (SSE) Cloud Platform has completed its SOC 2 Type II assessment, validating that the complete Skyhigh SSE Portfolio meets the AICPA’s rigorous standards for securely managing customer data over an extended period.

This latest assessment builds on prior SOC 2 evaluations of the Skyhigh CASB and Web portfolios, and marks the first time the full, integrated Skyhigh SSE Cloud Platform, including all converged components, has been assessed as a unified platform.

What is SOC 2 Type II?

Developed by the American Institute of CPAs (AICPA), SOC 2 (System and Organization Controls 2) is an auditing framework that establishes standards for service providers to securely manage customer data. A SOC 2 examination is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality, and privacy.

The distinction between Type I and Type II is significant:

• SOC 2 Type I — Evaluates whether controls are designed appropriately at a single point in time
• SOC 2 Type II — Evaluates whether controls are operating effectively over an extended observation period (typically 6–12 months)

A Type II report provides independent, audited assurance; confirmed by an opinion from an independent CPA firm; that appropriate controls are not only in place but have been consistently operating as designed. This is the gold standard for cloud service provider security attestation.

The Five Trust Services Criteria

The SOC 2 Type II assessment evaluated Skyhigh Security’s controls across all five AICPA Trust Services Criteria (TSC):

• Security — The system is protected against unauthorized access, both physical and logical
• Availability — The system is available for operation and use as committed or agreed
• Processing Integrity — System processing is complete, accurate, and authorized
• Confidentiality — Information designated as confidential is protected according to policy or agreement
• Privacy — Personal information is collected, used, retained, disclosed, and disposed of in conformity with the entity’s privacy notice and AICPA Generally Accepted Privacy Principles

What’s New in the 2026 SOC 2 Assessment

The 2026 SOC 2 Type II assessment covers the complete Skyhigh SSE Portfolio as a unified cloud platform for the first time. This includes:

• スカイハイ セキュア ウェブ ゲートウェイ（SWG）
• スカイハイ クラウドアクセスセキュリティブローカー(CASB)
• SKyhigh Private Access（ZTNA）
• Advanced Data Loss Prevention (DLP)
• Remote Browser Isolation (RBI)

These components are fully converged into a single, cloud-native enforcement point that protects data and stops threats across all Software-as-a-Service (SaaS) applications, Infrastructure-as-a-Service (IaaS) environments, and Shadow IT. The platform provides a single DLP engine with centralised management and reporting, a unified policy framework across all data exfiltration vectors, and multi-layered security technologies to cover all enterprise use cases globally.

Why SOC 2 Type II Matters for Your Organization

For security and procurement teams evaluating cloud security vendors, a SOC 2 Type II report provides:

• Verified Operational Effectiveness — Independent evidence that security controls work as intended over time, not just at a snapshot
• Reduced Third-Party Risk — Audited assurance that directly reduces security risk for customers and their stakeholders
• Data Breach Prevention — Rigorous audit processes identify security gaps before they can be exploited, protecting against financial, operational, and reputational damage
• Regulatory Compliance Support — Supports compliance with GDPR, DPDPA, DORA, and other global data protection regulations that require vendor security assurance
• Procurement Confidence — Simplifies enterprise vendor due diligence and accelerates security reviews across regulated industries

Part of a Comprehensive Global Compliance Portfolio

The SOC 2 Type II certification is one part of Skyhigh Security’s broad and growing compliance portfolio. In addition to SOC 2, Skyhigh Security holds:

• FedRAMP High Authorization — U.S. Government (CASB, SWG, Advanced DLP)
• DoD Impact Level 2 (IL2) Provisional Authorization — U.S. Department of Defense
• ISO/IEC 27001 — International information security management (first CASB to achieve this)
• IRAP PROTECTED (2026) — Australian Government cloud security
• BSI C5 (2026) — German Federal Office for Information Security
• GDPR — European Union data protection regulation
• DORA — EU Digital Operational Resilience Act (financial sector)
• DPDPA — India’s Data Protection and Digital Privacy Act
• CSA STAR Level 1 — Cloud Security Alliance global benchmark

For a full view of our certifications and compliance posture, visit the Skyhigh Security Trust Center: https://www.skyhighsecurity.com/about/certification.html

About SOC 2

Developed by the American Institute of CPAs (AICPA), SOC 2 defines criteria for managing customer data based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy. A SOC 2 Type II report is an attestation that certain controls are in place and operating effectively to meet the AICPA’s Trust Services Criteria, confirmed by the opinion of an independent CPA firm.

Skyhigh Security was recognized in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE), published May 20, 2025, which evaluates vendors based on their Ability to Execute and Completeness of Vision. This report, which evaluates industry leaders based on their Ability to Execute and Completeness of Vision, serves as a testament to our ongoing innovation and market leadership. In the companion 2025 Gartner® Critical Capabilities for Security Service Edge report, Skyhigh Security achieved the highest score in the Data Security Use Case, once again reaffirming our multi-year leadership in data protection as a core differentiator of the Skyhigh SSE Portfolio. This recognition reflects our sustained investment in a unified, data-first SSE platform purpose-built for highly regulated industries, combining Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and Zero Trust Network Access (ZTNA) through a single cloud-native console, with advanced Data Loss Prevention (DLP) at its core.

本書に記載されている情報は、Skyhigh Security意見を反映したものであり、情報提供のみを目的としています。本書の内容は、いかなる法的助言を構成するものではなく、またそのように解釈されるべきものでもありません。 適用される法令に基づくコンプライアンス上の義務の評価については、お客様ご自身の責任において行っていただく必要があります。Skyhigh Security 利用は、お客様が地域、国内、または国際的な法的または規制上の要件への準拠を達成または維持することを保証、確約、または保証するものではありません。お客様の組織のコンプライアンス要件に特化したガイダンスについては、資格を有する法律顧問に相談することをお勧めします。

著者について

スチュアート・ベイリス

プロダクトマネジメント部長

スチュアートは20年以上にわたりプロダクトマネジメントの職務に従事し、世界最高水準の受賞歴を誇るクラウドベースのセキュリティソリューションを提供してきました。現在、スチュアートはSkyhigh Security チームを率い、Secure Security Edge（SSE）クラウドセキュリティプラットフォームを提供するグローバルインフラストラクチャの責任者を務めています。 

サラン・ワルドカール

シニア・テクニカルプロダクトマーケティングマネージャー

Sarang Warudkarは、サイバーセキュリティ分野で10年以上の経験を持つ経験豊富なプロダクトマーケティングマネージャーであり、技術革新を市場のニーズに合わせることに長けています。CASB、DLP、AI駆動型脅威検出などのソリューションに関する深い専門知識を持ち、効果的な市場投入戦略と顧客エンゲージメントを推進しています。サランはIIMバンガロールでMBAを、プネ大学で工学の学位を取得しており、技術的および戦略的洞察力を兼ね備えています。