How risky are public cloud
services? One company, Skyhigh Networks, is out with a new dashboard that is designed to help assess that risk.
Called the Skyhigh Enterprise Cloudrisk Dashboad, the new product employs advanced analytics to provide a data-driven approach to cloud security assessment. CEO and founder Rajiz Gupta said in a statement that the dashboard is looking to bring the same kind of “objective, quantitative credit scores” to managing cloud services that financial services firms have been using for years to evaluate lending risk.
On its corporate blog, Skyhigh’s Kamal Shah said on Wednesday that the CloudRisk Score could be compared to the FICO credit score in that, like the assessment of credit risk, the CloudRisk Score “provides enterprises with an objective, quantifiable assessment of cloud risk.”
The dashboard offers a single score for overall cloud risk, which uses a 1 to 10 scale based on such contributing factors as service, user and data risk. CloudRisk recommendations suggest specific actions for reducing cloud-based risk and increasing that score, and users can view details on contributing metrics that drive the scores.
Benchmarks provide a comparison with an organization’s CloudRisk Score across departments or with peers in the same industry, and CloudRisk Trends show changes to the score over time, in addition to insights about changes in users, service and data risk. This kind of quantified feedback, the company said, could help organizations continually improve their security profiles.
Lawrence Orans, research vice president with industry research firm Gartner, noted that the range of cloud-based apps vary in their security levels, from those with enterprise controls to “ones that are more consumer friendly.” He suggested that the CloudRisk Dashboard might be useful “if you want visibility into what your employees are doing” in the cloud.
Accompanying the announcement, Cloud Security Alliance (CSA) CEO and co-founder Jim Reavis told news media that his organization has been “working to establish standards that help in reducing the risk of cloud adoption,” and Skyhigh is taking the lead “in putting these standards in practice by providing continuous visibility and risk-based insights.”
Late last month, Skyhigh released its CloudTrust Program that offered a comprehensive, third party assessment of a cloud service’s security capabilities in terms of security control and enterprise readiness, based on more than 50 of CSA’s criteria. Those criteria relate to attributes for users, devices, data, services, business and legal.
Skyhigh says it evaluates thousands of cloud services and stamps as enterprise-ready only those that have “the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.” To date, those include Adobe EchoSign, Appcelerator, Cisco WebEx, DocuSign, HubSpot, Informatica, Jive Software, Lattice Engines, and Salesforce.
In December, Skyhigh announced Skyhigh Secure for Box, which it described as the only data loss prevention (DLP) solution for companies using Box, with existing on-premises DLP capabilities extended to that online storage and collaboration service.