To help security teams understand which connected third party cloud
applications in their environment present the most risk to network
security, CloudLock developed the Cloud Application Risk Index (CARI).
The process involves several evaluations:
- Data-access requirements:
Organizations answer the following questions, among others: What
permissions are required to authorize the application? Does granting
data access mean that the application has programmatic (API) access to
corporate SaaS platforms through OAuth connections? Can the application
(and by extension, the vendor) act on behalf of users and take actions
with corporate data, such as viewing and deleting?
- Community trust rating: Peer-driven and crowd-sourced evaluations are used for this assessment.
- Application threat intelligence:
This comprehensive background check by cybersecurity experts is based
on an application’s various security attributes, such as security
certifications, breach history, and analyst reviews.