• CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • CUSTOMER LOGIN
  • Products
    • TPRM by ThirdPartyTrust
    • Beacon by ThirdPartyTrust
  • Resources
    • Blog
    • Strategy Guides
    • Case Studies
    • Data Sheets
    • Webinars
    • API
  • Company
    • About us
    • Partners
    • Product Security
    • Privacy Policy
REQUEST DEMO
  • Products
  • TPRM by ThirdPartyTrust
  • Beacon by ThirdPartyTrust
  • Solutions
  • Risk Assessment Automation
  • Security Questionnaire Automation
  • Shadow IT Management
  • Zero Day Remediation
  • Integrations
  • Industries
    • Financial
    • Energy
    • Healthcare and Hospitals
    • Legal
    • Life Sciences
    • Manufacturing Industry
    • Retail
    • Technology
    • Other Industries
  • Pricing
  • Resources
  • Blog
  • Strategy Guides
  • Case Studies
  • Data Sheets
  • Webinars
  • Dictionary
  • API
  • Company
  • About us
  • Careers
  • Partners
  • Partners Login
  • Product Security
  • Privacy Policy

Measuring enterprise readiness of your cloud service vendors

Published by Sabrina Pagnotta on August 12, 2022
Categories
  • Blog
  • Cybersecurity
Tags
  • Cybersecurity
netskope cci feature release thirdpartytrust

How can you ensure Cloud services meet the security and compliance requirements of your organization?

As part of your vendor risk management (VRM) or third party risk management (TPRM) program, you’re performing vendor risk assessments to understand and manage the inherent risk that a cloud provider could bring to your organization.

Taking this a step further, our ThirdPartyTrust TPRM automation tool has integrated Netskope capabilities that will allow you to identify all cloud services and websites being used, assess enterprise readiness of SaaS and IaaS, and mitigate risk to your organization.

As a security leader, it’s critical that you know the enterprise readiness of your most important third party cloud services. Your enterprise will benefit from having Netskope evaluate your cloud services based on an objective yardstick, as well identify security and compliance gaps.

ThirdPartyTrust introducing Netskope CCI and CCL to enhance vendor risk management

Customers use TPRM by ThirdPartyTrust to manage their end-to-end vendor lifecycle, from due diligence and risk assessments to continuous monitoring and reassessments. Our tool improves visibility over third party vendors across the extended supply chain, and reduces the time spent on requesting and reviewing security documents through process automation, document storage, and workflow management capabilities.

In order to make your vendor management program more comprehensive, ThirdPartyTrust integrates and brings together objective data from several sources, including BitSight, the standard in security ratings; and Netskope, developer of cloud security solutions.

A few months ago, we launched the first phase of our ThirdPartyTrust and Netskope integration, designed to improve visibility over the vendor network by automatically detecting Shadow IT cloud applications, and adding them to the monitored vendor inventory.

Today, we’re announcing the integration of Netskope CCI and CCL indicators, designed to help you comprehend the impact of using a cloud app and its inherent risk in relation to your security standards.

With this new feature, you will be able to:


  • Gain an objective, third party assessment of your most important cloud services
  • Understand and quantify your third party risk
  • Learn insights that can help you shortlist cloud services for adoption
  • Identify your services’ security and compliance gaps so you can address them or arrange for compensating controls

What are the CCI and CCL indicators?

CCI stands for Cloud Confidence Index, a database of more than 49,000 cloud apps that Netskope has evaluated based on 30+ objective criteria adapted from the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM).

The CCI score is a quantitative measure that indicates the enterprise readiness of a cloud app, taking into consideration its security, auditability, and business continuity.

Each app is assigned a CCI score of 0-100, and based on that score, is placed into one of five Cloud Confidence Levels (CCL): 

  • Poor
  • Low
  • Medium
  • High
  • Excellent

The CCI is a numeric score, while the CCL is the risk category to which it belongs. The higher the CCI score, the higher its CCL level will be.

How can you leverage Netskope CCI and CCL as part of your vendor management?

The ultimate goal of the Netskope CCI is to help you assess cloud service enterprise readiness, which is a core function of your TPRM program.

In essence, the CCI score is another tool you can use to make a decision about a potential third party vendor, as part of your risk assessment and monitoring. You can also use it to set policies based on the levels above. For example, you can decide whether to let users share content in cloud storage apps rated Medium or below.

As a result of this new feature, for any given vendor -say Google, for example- ThirdPartyTrust will show customers a new section titled “Cloud Security Stack”, as you can see below:

netskope cci ccl thirdpartytrust

Each cloud service has its own CCI score and CCL category displayed. With a Netskope subscription, customers will see additional data elements to assist them in making informed decisions about their vendors, namely: the amount of users who are connected to it, the amount of uploaded and downloaded corporate data, and the connections.

Using data to vet cloud service vendors

Whether your IT team is aware of it or not, most employees use several cloud services daily, including collaboration, file-sharing, backup, messaging, or email apps. With the shift to Cloud computing and the accelerated digital transformation after the pandemic, cloud services have penetrated enterprise ecosystems in nearly every area: from measuring employee performance, to automating marketing or tracking sales, to managing software development.

Keeping track of thousands of cloud apps is not a simple task, especially when 32% of employees admit to using cloud apps that were not approved by IT, and 58% affirm they’re not comfortable with their technology stack.

We’ve written extensively about the Shadow IT issue and how the solution does not lie in eliminating cloud services, but rather in gaining a deep understanding of their usage. Organizations can -and should- be open to cloud services without fear of the contents that are exchanged between the enterprise and cloud.

Our solution to achieving that deep understanding is integrating Netskope’s CCI and CCL into our end-to-end vendor risk management platform. We’re confident this will help you comprehend the impact of using a cloud app on your company’s overall goal of security and data integrity.

TRY IT OUT NOW
Sabrina Pagnotta
Sabrina Pagnotta
Sr. Content Strategist
    • Phone
      |+1-617-245-0469
    • Address
      |
      111 Huntington Ave, Suite 2010, Boston, MA 02199
    • Sales
      |sales@bitsighttech.com
    • Contact Us
    Laika_SOC2_TypeI_PurpleIris        CSA_Trusted_Cloud_Provider

    ©2022 ThirdPartyTrust, LLC and its Affiliates. All Rights Reserved. | 111 Huntington Ave. Suite 2010 Boston, MA 02199
    • BLOG
    • PARTNERS LOGIN
    • CONTACT US
    • PRIVACY POLICY
    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
    Do not sell my personal information.
    Reject AllAccept
    Cookie Settings
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
    CookieDurationDescription
    cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
    cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
    cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
    cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
    cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
    viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
    Functional
    Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
    Performance
    Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
    Analytics
    Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
    Advertisement
    Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
    Others
    Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
    SAVE & ACCEPT