The Risk score is shown in your Secure & Govern instance in the dashboard view if you have at least one issue detected and/or sensitive content location based on your analysis rules and classification policies. The score is based on open issues and sensitive content detected in your content sources. Monitoring and reducing your risk score can help reduce the risk posed by data and how it is exposed and accessed across your content sources.

2021-01-29_9-32-22.png

How the risk score is calculated

The risk score is based on a variety of factors:

How to reduce risk

Reduce the number of open issues

Navigate to the Issues tab and choose the option to either 'Fix' or 'Ignore' open issues.

Prioritize resolving high severity and older open issues to have a larger impact on your risk score and security profile.

Reduce the number of unpermitted sensitive content locations

Navigate to the Sensitive Content tab to review sensitive content locations. You can either permit or remediate unpermitted sensitive content.

Turn on the filter to only view locations with unpermitted sensitive content and prioritize resolving high risk locations, older locations and locations which are accessible to many users to have a larger impact on your risk score and security profile.

Create content lifecycle policies

Navigate to the Content Lifecycle section under Settings to create policies that can automatically remove or archive content from sensitive or highly accessible areas.

Creating lifecycle policies for classification policies can reduce your risk on an on-going basis, particularly when targeting high risk classification policies or locations which are known to be accessible to many users.

FAQ

Is it possible for my risk score to be reduced when I add a new content source?

Yes, this is possible because the risk score is adjusted to take into account the total amount of content being scanned. If you add a source with relatively fewer issues and sensitive content locations, you may reduce your overall risk score.

Why do I see a change in risk score despite a lack of significant activity?

Here are some examples of indirect actions or events that can affect your risk score:

  • leaving open issues or sensitive content in unpermitted locations for extended periods of time (can increase risk over time),
  • enabling or disabling classification policies which can increase or reduce the amount of sensitive content found (can increase or decrease risk, respectively),
  • increasing or decreasing the severity of specified issue types by changing analysis rules (can increase or decrease risk, respectively),
  • adding new content to scanned repositories that is relatively more or less sensitive (can increase or decrease risk, respectively), and
  • actions from users or content lifecycle policies in your content sources that result in sensitive content being removed or the underlying reasons for issues being resolved (can decrease risk)
  • changes to the risk score algorithm

How often is my score updated?

The risk score is re-calculated every 24 hours, so any actions can take up to a day to reflect in your risk score.

Has Egnyte made any changes to the way risk score is calculated since it was first introduced?

The  following changes have been made to the risk score algorithm since it was first introduced in January 2021:

June 25, 2021 - Factoring Sensitive Content for tenants with multiple sources

Which tenants were impacted by this change?
Any tenant which had two or more content sources prior to June 25, 2021.

What was the change?
Prior to this change, the risk score for tenants with two or more content sources would not take sensitive content into consideration. A fix was made to ensure the algorithm factored in sensitive content when calculating the risk score and the change was released on June 25, 2021.

What can impacted tenants expect to see as a result of this change?
Impacted tenants may see an increase in risk score from before and after June 25, 2021 in the risk score historical graph on the dashboard view. This change will exists despite any major changes in open issues or unpermitted sensitive content on June 25, 2021. The increase in risk score depends on how much sensitive content (particularly unpermitted sensitive content) the tenant has. The recommended actions presented in the dashboard view, on the best actions to take to improve risk score, will also be automatically updated to take the new factors into account.

July 5, 2021 - Rebalancing algorithm

Which tenants were impacted by this change?
All tenants.

What was the change?
We rebalanced the algorithm to make a more normalized distribution of scores across tenants and make actions for tenants with high risk and critical risk scores make a more visible impact to risk score.

What can impacted tenants expect to see as a result of this change?
Current and historical risk scores may be lower, however the relative increases and decreases in historical scores will remain. There is a higher likelihood of tenants in higher risk buckets seeing a change in risk score after taking actions. Conversely, tenants in lower risk buckets will see a smaller change in risk score after taking actions.

 

Learn more about Risk Scores by watching a Quick Tip on Egnyte University:  Risk Scores