Skyhigh Security computes and assigns each cloud service a CloudTrust rating that indicates its enterprise-readiness. Skyhigh Security calculates the CloudTrust rating using a weighted average of the 66 Risk Attributes across Data, User/Device, Service, Business, Legal, and Cyber categories. It normalizes the result to a value between 1 and 9. Companies use the CloudTrust rating as a part of defining cloud governance policies.
- CloudTrust Rating 1–3. This range of scores reflects the most secure enterprise-apps, several of which receive the Skyhigh CASB Enterprise-Ready seal. Most enterprises sanction these services.
- CloudTrust Rating 4–6. A score of 4–6 indicates cloud apps that are still consumer or department focused. While these apps don’t meet all enterprise security requirements, they are used by companies with additional controls such as data loss prevention policies and access controls. This is due to their strong value propositions, often in terms of increasing employee productivity.
- CloudTrust Rating 7–9. A score of 7–9 is given to apps that are too risky to be used within the enterprise as they lack critical security controls such as encryption at rest, login authentication, and ownership of the content uploaded. Due to security deficiencies, they end up exposing sensitive enterprise data to unauthorized access and potentially exposing the company to compliance breaches. Most enterprises block these services.
NOTE: If you do not agree with the CloudTrust rating for a Service, you can send a Recategorization Request.