9 Key Security Metrics for Monitoring Cloud Risks

Most organizations use multiple cloud applications daily (by some estimates, 100+). These applications need to be closely monitored based on the risk they pose and the purpose they serve. Here are some key security metrics that can help you monitor the use of cloud applications (primarily SaaS) within your organization. You can automate the measurement and reporting of most of these metrics using solutions like Cloud Access Security Brokers (CASB).

 

1- High-Risk Cloud Apps Discovered
Number of high-risk cloud apps detected, based on the risk classification parameters for apps (e.g., apps without a well-defined privacy policy, apps hosting data outside the EU, etc.)

 

2- Cloud Apps Unauthorized / Authorized
The ratio of unauthorized to authorized cloud apps in use. Business units can often purchase cloud services on their own without informing IT, which results in Shadow IT. Some of these apps might not be authorized due to security concerns.

  

3- Number of Redundant Cloud Apps
The number of duplicate / redundant cloud apps based on app discovery and use case. This can also help demonstrate cost savings, providing a metric the business can directly relate to. E.g., cloud-based file storage can be consolidated to 1 provider from the current 4 (Google Drive, SkyDrive, Box and Dropbox).

 

4- Sensitive Data Exposures Detected
Files accessible by unauthorized users either via the internet or intranet

 

5- Number of External Collaborators
Count of people from outside the organization who are collaborating on files containing sensitive data, hosted within or outside your domain

 

6- Cloud Services Having Access to Sensitive Data
Number of cloud services that store or process any data classified as sensitive by the organization.

 

7- Number of Cloud Services by Category
Number of cloud services in use by the organization in various categories (e.g., Social Media, File Sharing, Screen Sharing, etc.)

 

8- Cloud Policy Violations
These can vary based on the cloud policy defined by the organization, but policy violations and exceptions need to be closely monitored, which is why we included this metric. Some examples:

  1. # Unmanaged devices having access to sensitive data on cloud
  2. # Instances of sensitive data on cloud without organization-managed encryption keys
  3. # Unmanaged cloud applications (e.g., those for which logs are not available for tracking user activities/logins)

9- Administrative or Privileged logins / Cloud Service
Average number of users having admin privileges for authorized cloud applications being
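
As an added illustration (not part of the original post and not any CASB product's API), the sketch below computes metrics 1, 2, 3, 6, 7 and 9 from an app-discovery inventory. The record fields, the "Example*" apps and every status, risk tier and admin count are constructed assumptions; only the four file-storage names come from the list above.

```python
from collections import Counter

# Constructed inventory, not real CASB output. Field names and every value
# (authorization status, risk tier, admin counts) are assumptions.
FIELDS = ("name", "category", "authorized", "risk", "sensitive", "admins")
ROWS = [
    ("Google Drive",  "File Sharing",   True,  "low",    True,  4),
    ("SkyDrive",      "File Sharing",   False, "medium", False, 0),
    ("Box",           "File Sharing",   True,  "low",    True,  2),
    ("Dropbox",       "File Sharing",   False, "medium", True,  0),
    ("ExampleMeet",   "Screen Sharing", True,  "low",    False, 3),
    ("ExampleShare",  "Screen Sharing", False, "high",   True,  0),
    ("ExampleSocial", "Social Media",   False, "high",   False, 0),
]
APPS = [dict(zip(FIELDS, row)) for row in ROWS]


def cloud_app_metrics(apps):
    """Compute metrics 1, 2, 3, 6, 7 and 9 from a list of app records."""
    per_category = Counter(a["category"] for a in apps)
    authorized = [a for a in apps if a["authorized"]]
    unauthorized = len(apps) - len(authorized)
    # Assumption: apps in the same category serve the same use case, so
    # every app beyond the first in a category counts as redundant.
    redundant = {c: n - 1 for c, n in per_category.items() if n > 1}
    return {
        "high_risk_apps": sum(a["risk"] == "high" for a in apps),
        # Ratio and average are undefined with no authorized apps: report
        # None rather than dividing by zero.
        "unauthorized_to_authorized": (
            unauthorized / len(authorized) if authorized else None),
        "redundant_apps": sum(redundant.values()),
        "redundant_by_category": redundant,
        "services_with_sensitive_data": sum(a["sensitive"] for a in apps),
        "services_by_category": dict(per_category),
        "avg_admins_per_authorized_app": (
            sum(a["admins"] for a in authorized) / len(authorized)
            if authorized else None),
    }


if __name__ == "__main__":
    for metric, value in cloud_app_metrics(APPS).items():
        print(f"{metric}: {value}")
```

Tracking the same figures per reporting period, rather than as a single snapshot, is what shows whether Shadow IT and redundancy are shrinking.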

Did we miss something? Drop a note and we’ll update the list based on the feedback.


© 2020 Created by CISO Platform.