[DrScratch] Security Risk Assessment of Dr. Scratch

S, Maveena Maveena_S at McAfee.com
Thu Sep 26 00:00:19 CEST 2019


Hi,

We are getting in touch with you to complete the security risk assessment of "Dr. Scratch" service. Based on the information available on your website, developer forums, white papers, blogs, articles etc., we have updated close to 50 attributes across 5 different categories – Data, Service, User/Device, Business and Legal Risk. Once we have the values for each of the attribute, we calculate what is called the "Risk Score" for the service using a proprietary algorithm. These scores are either Low (1-3), Medium (4-6) or High (7–10). This directly means, that according to us, a service is either Low Risk, Medium Risk or High Risk. One such assessment has been done for "Dr. Scratch". Based on our research, we have not been able to find values for a few attributes such as

  *   Data Retention Policy Upon Account Termination
(After a service contract or account is terminated, when does the cloud service provider delete the data in the tenant?)
  *   Support for Data Access Logging
(Does the cloud service provider log accesses to databases?)
  *   Service Hosting Locations
(Where is the geographic hosting location of cloud service provider?)
  *   Provides Granular Access Controls
(Can the sharing of data be restricted at a user or group level? Can users control the level of access and rights to data? Can the sharing of information or access be controlled by time expiration?)
  *   Service in ITAR List
(Is the cloud service provider listed in the International Traffic and Arms Regulations (ITAR) listing of Directorate of Defense Trade Controls (DDTC) certified providers?)

A brief about us: MVISION is a cloud service discovery and enablement platform that discovers all the cloud services used in an organization, analyzes the behavior of users and services for anomalies, secures access to cloud services by enhancing perimeter security, deploying encryption, enabling data loss prevention and securing access to business critical cloud services via access control. Over 50 attributes are updated to provide an appropriate risk assessment for each cloud service. Over 400 enterprises, many from Fortune-500, use MVISION to manage their "Cloud Adoption Lifecycle" with unparalleled visibility and risk assessment, usage and threat analytics, and seamless policy enforcement. More about us at http://www.skyhighnetworks.com/

Best Regards,
Maveena S.
Service Intelligence Team
McAfee MVision Cloud (Skyhigh) Business Unit

[cid:123456789]<https://www.skyhighnetworks.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gsyc.urjc.es/pipermail/drscratch/attachments/20190925/146534f3/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: application/octet-stream
Size: 90064 bytes
Desc: image003.png
URL: <http://gsyc.urjc.es/pipermail/drscratch/attachments/20190925/146534f3/attachment-0001.obj>


More information about the drscratch mailing list