Application Risk Level
  • 13 Dec 2023


An application's risk level is an assessment of the application's potential security risks that allows organizations to make informed decisions regarding the application.

A risk level has three values: Low, Medium, and High.

The risk is calculated from a number of parameters that are gathered from public information shared by the application’s vendor and updated on a monthly basis. Parameters include:

  • Product security - Takes into account whether the application supports SSO, 2FA/MFA enforcement, a bug bounty program, or a way for customers to report security issues. For example, the lack of SSO support increases the risk score.
  • Data security - Measures the application does or does not take to secure its data, for example, data encryption in transit and at rest. The lack of data encryption increases the risk score.
  • Compliance with relevant industry standards - Such as SOC2, ISO 27001, PCI DSS, HIPAA, or GDPR. Meeting a compliance standard reduces the risk score.
  • Publicly available reports and policies - Such as a privacy policy, user terms, or a DPA. Failing to provide or meet these policies increases the application's risk score.
  • Additional aspects - The vendor’s geographic location, the number of employees, and other relevant information.

Example

The following table is for illustration purposes only. In reality, Axonius implements a wider range of parameters to determine the application’s risk level.

V = the application meets the criterion.

Criteria                     Application A   Application B
SSO supported                V
MFA supported                V
Data encryption at rest      V
Data encryption in transit   V               V
SOC2                         V
ISO 27001                    V
Privacy policy               V               V
User terms                   V
HQ location                  USA             USA
Number of employees          1000            50
Risk Level                   Low             High
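To make the parameter groups above and the two-application example concrete, here is a small scoring model written for this page. It is an added illustration, not Axonius's scoring logic: the field names, the point weights for each missing control, the credit per compliance standard, the employee-count bands and the Low/Medium/High thresholds are all assumptions chosen so that an application resembling column A scores Low and one resembling column B scores High. The two profiles are constructed from the table.

```python
from dataclasses import dataclass

# Constructed example, not Axonius's model. All weights, thresholds and
# field names below are assumptions made for illustration only.

RECOGNISED_STANDARDS = frozenset({"SOC2", "ISO 27001", "PCI DSS", "HIPAA", "GDPR"})
EXPECTED_POLICIES = frozenset({"privacy policy", "user terms", "DPA"})


@dataclass(frozen=True)
class AppProfile:
    """Public facts gathered about one SaaS application (hypothetical schema)."""
    name: str
    sso: bool
    mfa: bool
    encryption_at_rest: bool
    encryption_in_transit: bool
    standards: frozenset = frozenset()   # compliance standards the vendor attests to
    policies: frozenset = frozenset()    # public policy documents the vendor publishes
    hq_country: str = ""                 # empty string means the location is unknown
    employees: int = 0


def risk_score(app: AppProfile) -> int:
    """Additive risk score: missing controls add points, held standards remove them."""
    score = 0
    # Product security: each missing identity control adds risk (assumed weights).
    if not app.sso:
        score += 3
    if not app.mfa:
        score += 3
    # Data security: unencrypted data adds risk; transit is weighted slightly higher.
    if not app.encryption_at_rest:
        score += 3
    if not app.encryption_in_transit:
        score += 4
    # Compliance: each recognised standard the vendor meets reduces risk by one point.
    score -= len(app.standards & RECOGNISED_STANDARDS)
    # Public policies: each expected document that is missing adds two points.
    score += 2 * len(EXPECTED_POLICIES - app.policies)
    # Additional aspects: unknown location and small vendor size add risk.
    if not app.hq_country:
        score += 1
    if app.employees < 100:
        score += 2
    elif app.employees < 1000:
        score += 1
    return max(score, 0)


def risk_level(app: AppProfile) -> str:
    """Map the numeric score onto the three levels used in the article (assumed cut-offs)."""
    score = risk_score(app)
    if score <= 3:
        return "Low"
    if score <= 9:
        return "Medium"
    return "High"


# Profiles constructed from the example table above.
APP_A = AppProfile(
    name="Application A", sso=True, mfa=True,
    encryption_at_rest=True, encryption_in_transit=True,
    standards=frozenset({"SOC2", "ISO 27001"}),
    policies=frozenset({"privacy policy", "user terms"}),
    hq_country="USA", employees=1000,
)
APP_B = AppProfile(
    name="Application B", sso=False, mfa=False,
    encryption_at_rest=False, encryption_in_transit=True,
    standards=frozenset(),
    policies=frozenset({"privacy policy"}),
    hq_country="USA", employees=50,
)

if __name__ == "__main__":
    for app in (APP_A, APP_B):
        print(f"{app.name}: score={risk_score(app)} level={risk_level(app)}")
```

With these assumed weights Application A scores 0 (Low) and Application B scores 15 (High); changing a single control, for example removing MFA and encryption at rest from an otherwise compliant vendor, lands in the Medium band, which is the kind of sensitivity analysis worth running before trusting any risk model's thresholds.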

You can view the risk levels for various applications on the SaaS Applications page.
