Cloud Security Metrics

I am working on a CASB solution and would like to know what cloud security metrics are usually important to management.  The plan is to build a dashboard to include these metrics.
SMBITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
For example,

1- High-Risk Cloud Apps Discovered with parameters for apps (e.g.: Apps without a well-defined privacy policy, hosting data outside EU etc.)

2- Cloud Apps Unauthorized / Authorized e.g. Cloud Services on their own without informing IT, which results in Shadow IT.

3- Sensitive Data Exposures Detected e.g. Files accessible by unauthorized users either via the internet or intranet

4- Number of External Collaborators on files containing sensitive data, hosted within or outside your domain

5- Number of Cloud Services Having Access to Sensitive Data e.g. services which store or process any data which is classified as sensitive by the organization.

6- Number of Cloud Services by Category use by the organization in various categories (e.g.: Social Media, File Sharing, Screen Sharing etc.)

7- Number of Cloud Policy Violations

## Unmanaged Devices having Access to Sensitive Data on Cloud

## Instances of Sensitive Data on Cloud without Organization Managed Encryption Keys

## Unmanaged cloud applications (e.g. which Logs are not there for tracking user activities/logins)

8-  # Administrative or Privileged logins / Cloud Service e.g. Average number of users having admin privileges for authorized cloud applications being

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
David FavorLinux/LXD/WordPress/Hosting SavantCommented:
A very broad question.

Likely best to survey your actual potential users.

Tip: In 2017 I did a 90 day analysis of all the hacked sites I'd cleansed. Here's what I found.

1) All sites were WordPress sites.

2) <10% sites were hacked vectored through WordPress. Hack points were premium/paid themes + plugins. I found no hacks because of outdated WordPress core files, even though some of these sites were running outdated WordPress core versions.

3) 90% sites were hacked because of the following foolishness.

a) LAMP Stacks were running outdated PHP.

b) People were running HTTP WordPress sites rather than HTTPS, using common user/pass combinations which were scraped off the wire.

c) People were running FTP rather than SFTP, using common user/pass combinations which were scraped off the wire.

Summary: Security primarily relates to...

1) Running 100% encrypted protocols, so no clear text user/pass credentials every cross the wire.

2) Vet all premium/paid software as much of this software has backdoors built into them.

3) Keep your entire LAMP Stack (Linux/Apache/MariaDB/PHP/OpenSSL) at latest stable versions at all times.

So in your dashboard... Be sure to find ways to track this sort of data + report this data in a way that's it's actionable.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cloud Computing

From novice to tech pro — start learning today.