Vendor Risk Assessment

Vendor Risk Assessment

Cloud services help your organization become more efficient, but how can you ensure that they meet your security and compliance requirements? Netskope Risk Insights provides granular detail about cloud and web use at your organization and uses the Netskope Cloud Confidence Index™ (CCI) to assess the enterprise readiness of cloud services based on a set of objective criteria. This serves as a guidepost to mitigate risk, influence usage and reduce cost.

Cloud Confidence Index

The Netskope Cloud Confidence Index™ (CCI) is a database of cloud apps that Netskope has evaluated based on 30+ objective criteria adapted from Cloud Security Alliance Guidance. These criteria measure apps enterprise-readiness, taking into consideration an apps security, auditability, and business continuity. 

To open the CCI page, click CCI in the Netskope UI.

VRP_CCI.jpg

Each app is assigned a score of 0-100, and based on that score, is placed into one of five Cloud Confidence Levels (CCL): Poor, Low, Medium, High, or Excellent. You can use the CCI score to make an app selection decision, as well as set policies based on level. For example, you can decide whether to let users share content in cloud storage apps rated Medium or below.

Data scientists at Netskope use two kinds of input: responses from various app vendors and other observed app capabilities. They first transform all input data into a numeric form. Then a learning algorithm is applied to combine different pieces of information to find the CCI score that is normalized between 0 and 100. In addition to this, Netskope also assigns rewards and penalties to the app based on the app category.

For example, for a cloud storage app, the penalty for not encrypting data at rest is very high, while the reward is low since this is basic functionality. For a social app, the penalty for not encrypting data at rest would be less severe and so on. This is taken into consideration while computing the final CCI score.

For CCI evaluation and assessment of an app, please add your request to the CCI Research team by sending an email to cci-request@netskope.com.

Here are some widely used use cases that will illustrate how you can make use of CCI to address your needs.

Share this Doc

Vendor Risk Assessment

Or copy link

In this topic ...