Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here

Skyhigh Security

Cloud Security Advisor Checklist

The Cloud Security Advisor Checklist provides a list of actionable steps you can take to improve your scores in Visibility and Control. 

From Dashboards > Cloud Security Advisor, click inside the Checklist to improve your scores to expand the panel. Recommendations are grouped by product category: SaaS, Shadow IT, and IaaS. 

csa_checklist_5.5.5.png

The Checklist provides the following information and actions:

  • Visibility. Select the Visibility tab to see recommendations on how to improve your Visibility score. Recommendations are grouped by product: Iaas, SaaS, and Shadow IT. 
  • Control. Select the Control tab to see recommendations on how to improve your Control score. Recommendations are grouped by product: Iaas, SaaS, and Shadow IT.
  • Download. Click the download arrow to download a CSV file of the Metrics Details. 
  • Show pending/completed first. Select to display pending or completed recommended tasks first in the list. 
  • Total Points. Displays the number of total points you have scored currently out of 100, and how much you can improve your security maturity by completing the recommended tasks. 

Select each Checklist item to view your current score in that area. Then review details about the specific actions you can take within Skyhigh CASB to add points to that score. Read the provided instructions and click the buttons to take you to the Skyhigh CASB page to perform the recommended task. 

IMPORTANT: When you perform recommended Checklist tasks, it can take up to 24 hours to see changes in your scores. 

Click the X at the top of the screen to close the Checklist recommendations panel.  

New Checklist Metrics

When Skyhigh CASB adds metrics to the Cloud Security Advisor Checklist, they display the label New. Skyhigh CASB gives you 90 days to act on the suggestions for the new metric before it is added to your score. 

If an old metric was discontinued, in the Cloud Security Report, you will see a valid score in the previous quarter, but 0 scores or N/A in the current quarter, because it no longer exists. 

For a list of all available metrics, see Cloud Security Report.  

Take Credit for Another Solution

IMPORTANT: To Take Credits, you must have the Cloud Security Advisor Dashboard Manager role. For details see About User Roles and Access Levels

Some security maturity score recommendations may already be covered as a built-in feature of the cloud service you are using, another security product, or a custom in-house development. Or your organization may have another solution that fulfills the requirements of this recommendation.

In order to get credit for this solution in your security maturity score, you can mark a recommendation using the Actions > Take Credit for Another Solution option. Each recommendation credit displays the number of points your score will gain. To ensure the integrity of scoring, the credit is logged and displayed in the metric history, as well as in the You (Attested) point on the Cloud Security Advisor graph. 

Once you have taken credit for another solution, you can edit the reason for that credit, or you can revoke it. Credits expire after a duration of one year. 

csa_checklist_take_credit_5.3.2.png

To Take Credit for Another Solution:

  1. Select the recommendation from the checklist. 
  2. The recommendation Cloud Card displays What you can do to improve your score, and What you've accomplished, if you've already acted on recommendations. 
  3. Click Actions > Take Credit for Another Solution
  4. Another Cloud Card displays. Select the service instances you want this credit to apply to. 
  5. Specify your reason for the credit:
    • Built-in feature of this service. The current service already provides the feature to fulfill this recommendation. 
    • Another Security Product. Your organization uses another product to fulfill this recommendation. 
    • Custom development. Your organization has developed and uses a custom solution to fulfill this recommendation. 
    • Other. Enter another reason. 
  6. Click Take Credit for Another Solution

Edit or Revoke a Credit

  1. Under What you've accomplished, find the credit you want to edit or revoke. 
    csa_credit_edit_revoke.png
  2. Click the three dots menu and select one:
    • Edit Reason. Click to edit the reason for the credit. Then click Edit Reason to save changes. 
    • Revoke Credit. In the Revoke Credit dialog, click Revoke
      csa_credit_revoke.png

Waive Recommendation

IMPORTANT: To take Waivers, you must have the Cloud Security Advisor Dashboard Manager role. For details see About User Roles and Access Levels

Some security maturity score recommendations may not apply to your organization's security implementation. To improve your security maturity score for recommendations that are not relevant, you can dismiss them by using the Actions > Waive Recommendation option. 

Each recommendation waiver displays the number of points your score will gain. To ensure the integrity of scoring, the waiver is logged and displayed in the metric history, as well as in the You (Attested) point on the Cloud Security Advisor graph. 

Once you have waived a recommendation, you can edit the reason for that waiver, or you can revoke it. Waivers expire after a duration of one year. 

csa_checklist_waive_5.3.2.png

To Waive a Recommendation:

  1. Select the recommendation from the checklist. 
  2. The recommendation Cloud Card displays What you can do to improve your score, and What you've accomplished, if you've already acted on recommendations. 
  3. Click Actions > Waive Recommendation
  4. Another Cloud Card displays. Select the service instances you want this waiver to apply to. 
  5. Select reasons for the waiver:
    • Not a production instance. This instance is not used for production and therefore should not count towards the security maturity score. 
    • Indirect usage by another application. This service instance is used indirectly by another application. 
    • Usage is too low. There is not enough usage to count towards the security maturity score. 
    • Other. Enter another reason. 
  6. Click Waive Recommendation

Edit or Revoke a Waiver

  1. Under What you've accomplished, find the waiver you want to edit or revoke. 
    csa_waiver_edit_revoke.png
  2. Click the three dots menu and select one:
    • Edit Reason. Click to edit the reason for the waiver. Then click Edit Reason to save changes. 
    • Revoke Waiver. In the Revoke Waiver dialog, click Revoke
      csa_revoke_waiver.png

0 Points for a Product Category or Recommendation

You may have a product category (such as IaaS, SaaS, or Shadow IT) or a recommendation that displays 0 points in the checklist, possibly because you don't have a use for it in your implementation. If the score is 0 points for a category or recommendation, the (...) menu is available. From here you can select Take Credit for Another Solution or Waive Recommendation for the entire group. 

Checklist CSV File

The Checklist Metrics Details CSV file provides the data from this pane in a downloadable format. 

csa_checklist_csv_5.1.2.png

The CSV file fields are:

  • MetricName. The name of the metric you are being scored on. 
  • Description. The description of the metric. 
  • Dimension. The dimension of the metric: Visibility or Control. 
  • Product. Metrics are grouped by product: Iaas, SaaS, and Shadow IT.
  • Phase. The phase of the security maturity metric, defined as:
    • Phase 1. Sanctioned Cloud Hygiene
      • O365 Collaboration Blocklists
      • IaaS Configuration Assurance
      • IaaS Storage Malware Scanning
      • Shadow Visibility and Governance (CLR)
    • Phase 2. Sanctioned Cloud Protection
      • O365 DLP and Collaboration
      • O365 Conditional Access
      • IaaS Storage DLP
    • Phase 3. Shadow IT Control
      • Shadow IaaS Governance
      • SaaS Application Control
      • Shadow and Web DLP
    • Phase 4. Threat Protection
      • SaaS UEBA
      • IaaS Host, Network, and Platform Threats
      • IaaS Privilege Management
  • Effort. The level of effort to complete the metric. 
  • MaxScore. The maximum score available for this metric. 
  • QtdResult. The cumulative quarter to date result for this metric.
  • QtdResultDetail. The cumulative quarter to date result details for this metric.
  • QtdScore. The cumulative quarter to date score for this metric.
  • Recommendations. The report provides up to five actionable recommendations for each metric. 
  • Was this article helpful?