Understand the Data Risk Calculations
| Limited Availability: To access DSPM Data Explorer, contact Skyhigh Support. |
Skyhigh Security assesses data risk using an Object Risk Score. This score signifies the risk level of a data object at the specific time it was last evaluated and analyzed by the DSPM system.
The Object Risk Score is designed to give security teams proactive insight into potential data loss and compliance risks. By assigning a dynamic risk score to every scanned or captured object (e.g., a file attachment in a web browser or email), the system enables early identification of high-risk data items, well before an incident is triggered. This approach allows organizations to mitigate data exposure and strengthen their security posture.
Skyhigh Security has developed a machine-learning-derived heuristic algorithm that calculates Object Risk from a weighted combination of multiple key dimensions. The contributing factors include:
| Dimension | Description | Example |
|---|---|---|
| Content Sensitivity and DLP Policy Match Severity | Directly assesses the sensitivity of the data or object being scanned. It takes into account the number and types of classifications identified within the content. Assesses the established DLP rule match and the number of DLP matches found during the scanning process. | An object that matches multiple sensitive classifications and a higher number of matches against more critical DLP policies will result in a higher risk score. |
| Contextual Factors | Considers how, where, and by whom the data is being used. This includes crucial elements such as Skyhigh-evaluated Cloud Service Provider (CSP) risk, which assesses the security posture and compliance of the cloud environment where the data resides, and Skyhigh-evaluated User risk, which evaluates the behavior and privileges of the individuals interacting with the data. | A highly sensitive document being accessed by a user with a history of policy violations, or stored in a high-risk cloud service, would contribute to a higher risk score. |
Each of these dimensions contributes a numerical weight to the object’s overall risk score.
Object Risk Weighting
Skyhigh's Object Risk Scoring system utilizes a scale from 1 to 9, which is further categorized into intuitive severity levels, each represented by a distinct color code for quick visual identification.

| Risk Ranges | Object Severity Levels | Color Code |
|---|---|---|
| 1-3 | Low | Green |
| 4-6 | Medium | Yellow |
| 7-9 | High | Red |
Dynamic Object Risk Recalculation
Object risk is dynamic: an object's risk score can change over time as its exposure context evolves. For instance, a file initially classified as "Medium risk" could quickly escalate to "High risk" if its sharing permissions are altered to include external organizations. Skyhigh Security's system continuously recalculates object risk under the following conditions to maintain accurate and up-to-date assessments:
- Object Rescanning or Modification. The system doesn't continuously monitor or update each object's risk score in real time. Instead, it relies on scheduled scans, user interactions, or other triggers that bring the object to the attention of the DLP engine for re-assessment. Any time an object is re-scanned, such as during routine audits, scheduled scans, or if the object itself is modified (e.g., content changes, metadata updates), its risk score is re-evaluated.
- User Actions Altering Exposure Context. Critical user actions that impact an object's exposure, such as sharing a document with external users, changing access permissions, or moving a file to a vulnerable location, trigger an immediate recalculation of the object's risk.
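
Because a score reflects the object's state at its last evaluation, a reviewer working from score history wants two things: objects that moved to a higher severity level, and objects whose score is old. The following is an added example, not Skyhigh code or a Skyhigh export format; the record fields, trigger labels, and the 30-day staleness threshold are assumptions, and only the 1-9 bands come from the table above.

```python
from datetime import datetime, timedelta

# Severity bands from the Object Risk Weighting table (score scale 1 to 9).
BANDS = [(1, 3, "Low"), (4, 6, "Medium"), (7, 9, "High")]
ORDER = {"Low": 0, "Medium": 1, "High": 2}


def severity(score):
    """Map a 1-9 Object Risk Score to its severity level."""
    for low, high, name in BANDS:
        if low <= score <= high:
            return name
    raise ValueError(f"score {score!r} is outside the 1-9 scale")


def review(evaluations, now, max_age=timedelta(days=30)):
    """Return (escalations, stale).

    escalations: (object_id, old, new, trigger) per move to a higher level.
    stale: ids whose latest evaluation is older than max_age (assumed value).
    """
    latest = {}          # object_id -> most recent record seen so far
    escalations = []
    for rec in sorted(evaluations, key=lambda r: r["evaluated_at"]):
        prev = latest.get(rec["object_id"])
        new_level = severity(rec["score"])
        if prev is not None:
            old_level = severity(prev["score"])
            if ORDER[new_level] > ORDER[old_level]:
                escalations.append(
                    (rec["object_id"], old_level, new_level, rec["trigger"]))
        latest[rec["object_id"]] = rec
    stale = sorted(oid for oid, rec in latest.items()
                   if now - rec["evaluated_at"] > max_age)
    return escalations, stale


# Constructed sample records (hypothetical field names and values).
SAMPLE = [
    {"object_id": "doc-1", "evaluated_at": datetime(2024, 1, 5), "score": 5, "trigger": "scheduled_scan"},
    {"object_id": "doc-1", "evaluated_at": datetime(2024, 3, 2), "score": 8, "trigger": "shared_externally"},
    {"object_id": "doc-2", "evaluated_at": datetime(2024, 1, 9), "score": 2, "trigger": "scheduled_scan"},
    {"object_id": "doc-3", "evaluated_at": datetime(2024, 2, 20), "score": 4, "trigger": "scheduled_scan"},
    {"object_id": "doc-3", "evaluated_at": datetime(2024, 3, 8), "score": 6, "trigger": "content_modified"},
]

if __name__ == "__main__":
    print(review(SAMPLE, now=datetime(2024, 3, 10)))
```

A score change that stays inside one band (doc-3, 4 to 6) is not reported as an escalation, so track the raw score as well if movement within a band matters to you.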
