Data Risk Management
Data Risk is evaluated on aspects such as data access, sharing, syncing, and more. You can set weightings for attributes such as file sharing limits or data retention period for effective data risk management across the enterprise.
Data Risk Attributes
The Data Risk score is calculated out of the following categories, attributes, and values defined by Skyhigh CASB.
| Category | Attribute | Description | Possible Value |
|---|---|---|---|
| Data Sharing | File Sharing Support | Does the service offer a file sharing method as part of its service offering? | 10 - No 10 - NA 50 - Not publicly known 80 - Yes |
| Data Sharing | Limits on Data Uploads and Sharing | Does the service place limits of file uploads and sharing of data or does it offer unlimited sharing? |
10 - NA |
| Encryption | Data Encryption at Rest | Does the service encrypt data at-rest in its databases, file systems or at the virtual machine layer? | 10 - Yes 10 - NA 30 - Not publicly known 80 - No |
| Encryption | Data Encryption in Transit | What mode of SSL or TLS does the vendor support for protecting data in motion? |
10 - TLS 1.3 |
| Multilatency | Support for Multi-Tenancy | Does the cloud service provider provide a multi-tenant offering? |
10 - NA |
| Multitenancy | Encryption with Tenant Managed Keys (Data Mingling) | If the service provider supports encryption of data at-rest in the tenant, how are keys managed and who controls the keys? | 10 - Multi-tenant with data encrypted per tenant using tenant keys or tenant owned tokenization 10 - NA 30 - Multi-tenant with data encrypted per tenant using SP keys 40 - Single tenant and completely isolated data sets 50 - Not publicly known 70 - Multi-tenant without Encryption |
| Desktop Application | Auto Sync of Data on User Devices | Does the service provider offer a data sync application on desktop or mobile that allows for the synchronization of data between the devices and the cloud service provider? | 10 - No 10 - NA 30 - Not publicly known 60 - Yes |
| Data Retention | Data Retention Policy on Account Termination | After a service contract or account is terminated, when does the cloud service provider delete the data in the tenant? | 10 - Data Purged Immediately 10 - NA 20 - Less than 15 days 20 - 15-30 days 30 - 1-3 months 40 - 3-6 months 50 - 6 months - 1 year 60 - More than 1 year 60 - Not publicly known 70 - Data Retained |
| Data Sharing | Predominant Content Type | What is the predominant content type for the cloud service provider (e.g., files, photos, music, etc.)? | 10 - NA 20 - Photos 20 - Music 20 - Video 70 - Files 70 - Source Code |
| Data Sharing | Provides Granular Access Controls | Can the sharing of data be restricted at a user or group level? Can users control the level of access and rights to data? Can the sharing of information or access be controlled by time expiration? | 10 - Yes 10 - NA 20 - Not publicly known 60 - No |
| Data Loss Protection | Integrated Data Loss Prevention Capacity | Does the cloud service provider offer an integrated data loss prevention capability? | 10 - Yes 30 - Not publicly known 80 - No |
| Encryption | Encryption Strength at Rest | What encryption strength bit-length is used for data at-rest? | 10 - > 256 bit 20 - 256 bit 30 - 128 bit 40 - NA 50 - None 60 - Not publicly known |
| Encryption | Expiry of SSL Certificate | Duration when the SSL Certificate expires. | 10 - Less than 1 year 30 - Less than 6 months 40 - NA 50 - Less than 4 years 50 - Not publicly known 70 - Greater than 4 years 80 - Certificate Expired |
| Encryption | Signature Algorithm of SSL Certificate | What is the signature algorithm used by the SSL Certificate? | 10 - SHA512 With RSA Encryption 30 - SHA256 With RSA Encryption 40 - NA 50 - Not publicly known 60 - SHA1 With RSA Encryption 60 - Others 80 - MD5 With RSA Encryption |
| Encryption | Key Size of SSL Certificate | What is the key size used in SSL Certificate? | 10 - >= 4096 bits 20 - 2048 bits 40 - 1024 bits 50 - Not publicly known 60 - NA 80 - <= 256 bits |
| Encryption | Data Encryption Supported in Backup | Does the service encrypt data in backup in its databases, file systems or at the virtual machine layer? |
10 - Yes |
| Encryption | Encryption Strength in Backup | What encryption strength bit-length is used for data in backup? |
10 - >=2048 bits |