User and Device Risk Management
User and device risk is evaluated on aspects such as allowing anonymous access, multifactor authentication, single sign-on methods, enterprise identity authentication, and device pinning. You can set weights for the authentication and security attributes across the enterprise.
How is User Risk Score Computed?
The concept of “High Risk User” is applied throughout the product. User risk level is computed daily on a scale of 1–9 (9 implying highest risk). It is calculated using multiple data points representing user behavioral aspects such as usage patterns, risk of services used, or total data movement. User risk scores are computed using the entire usage history that Skyhigh CASB has for the user. Risk ratings become more predictable as Skyhigh CASB sees more usage data from the user, and might not be accurate for new users.
Individual usage is then indexed against an average user to compute a composite risk score. Risk scores are not dependent on time windows, nor are they sensitive to short bursts of activity in a small time window.
Because a user’s risk is based on their activity for the entire time they are monitored by Skyhigh CASB, it is not possible to use this score to determine how risky a user is during a specific time period.
User/Device Risk Attributes
The User/Device Risk score is calculated out of the following categories, attributes, and values defined by Skyhigh CASB.
Category | Attribute | Description | Possible Value |
---|---|---|---|
Questionable Features | Anonymous Use | Does the cloud service provider allow for anonymous access to the service? | 10 - No<br>50 - Not publicly known<br>80 - Yes |
Authentication | Multifactor Authentication | Does the service provider support multifactor authentication for users accessing the service? | 10 - Yes<br>50 - Not publicly known<br>80 - No |
Authentication | Identity Federation Method | What single sign-on methods does the cloud service provider support? | 10 - SAML: Does CSP use SAML open standard for exchanging authentication and authorization data?<br>10 - SAML & OAUTH: Does CSP use both SAML & OAuth open standard for exchanging authentication and authorization data?<br>30 - OAUTH: Does CSP use OAUTH open standard for exchanging authentication and authorization data?<br>50 - Others: Does CSP use any of SSO, OpenID or LDAP for exchanging authentication and authorization data?<br>60 - Unknown<br>80 - None |
Authentication | Enterprise Identity | Does the cloud service provider support integration with enterprise directories or authentication providers? | 10 - Yes<br>30 - Not publicly known<br>80 - No |
Security | Device Pinning | Does the cloud service provider support a method to identify unique devices connecting and accessing the service? | 10 - Yes<br>30 - Not publicly known<br>60 - No |