Bitsight VRM integrates the Netskope CCI and CCL indicators, designed to help you comprehend the impact of using a cloud app and its inherent risk in relation to your security standards.
With this feature, you can:
- Gain an objective, third-party assessment of your most important cloud services.
- Understand and quantify your third-party risk.
- Learn insights that can help you shortlist cloud services for adoption.
- Identify your services’ security and compliance gaps so you can address them or arrange for compensating controls.
What are the CCI and CCL indicators?
CCI stands for Cloud Confidence Index, a database of more than 49,000 cloud apps that Netskope has evaluated based on 30+ objective criteria adapted from the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).
The CCI score is a quantitative measure that indicates the enterprise readiness of a cloud app, taking into consideration its security, auditability, and business continuity.
Each app is assigned a CCI score of 0-100, and based on that score, is placed into one of five Cloud Confidence Levels (CCL):
The CCI is a numeric score, while the CCL is the risk category to which it belongs. The higher the CCI score, the higher its CCL level will be.
How can you leverage Netskope CCI and CCL as part of your vendor management?
The ultimate goal of the Netskope CCI is to help you assess cloud service enterprise readiness, which is a core function of your TPRM program.
In essence, the CCI score is another tool you can use to make a decision about a potential third-party vendor, as part of your risk assessment and monitoring. You can also use it to set policies based on the levels above. For example, you can decide whether to let users share content in cloud storage apps rated Medium or below.
As a result of this new feature, for any given vendor, Bitsight VRM shows a new section titled, “Cloud Security Stack.”
Each cloud service displays its own CCI score and CCL category. With a Netskope subscription, you can also see additional data elements to assist you in making informed decisions about your vendors, namely:
- The number of users who connected to a cloud vendor application.
- The amount of corporate data in MB uploaded by users.
- The amount of corporate data in MB downloaded by users.
- The total amount of unique connections.