To help security teams understand which connected third party cloud applications in their environment present the most risk to network security, CloudLock developed the Cloud Application Risk Index (CARI). The process involves several evaluations:

• Data-access requirements: Organizations answer the following questions, among others: What permissions are required to authorize the application? Does granting data access mean that the application has programmatic (API) access to corporate SaaS platforms through OAuth connections? Can the application (and by extension, the vendor) act on behalf of users and take actions with corporate data, such as viewing and deleting?
• Community trust rating: Peer-driven and crowd-sourced evaluations are used for this assessment.
• Application threat intelligence: This comprehensive background check by cybersecurity experts is based on an application’s various security attributes, such as security certifications, breach history, and analyst reviews.

High