Feb 10, 2022
5 Minutes
Most people think they’re an above average driver, but let’s be honest, that’s probably not true. Back in September, Tesla released its new Safety Score feature, “an assessment of your driving behavior based on five metrics called Safety Factors.” The idea is to get a data-driven, objective, and easy to understand assessment of your safety as a driver and the likelihood of getting into an accident.
Taking inspiration from Tesla, your cloud security posture can similarly be assessed by a set of data-driven, objective criteria. While this is no easy task, it is extremely valuable nonetheless. CISOs and senior management want to understand the organization’s security standing, its strengths, and more importantly, its weaknesses–that is, its risks.
Determining risk goes beyond pinpointing individual vulnerabilities or weak points. The value is more in a bird’s eye view—supported by objective data—that gives a broader “report card” of just how things are looking and where efforts should be directed first, in order to make the biggest security improvements.
As I said, that’s challenging. It’s difficult to convey the actual state of your security posture to management and directors of the board without getting into technical details. Furthermore, It is extremely hard to quantify if you have X vulnerabilities and Y compliance violations – is it good, bad, or just ugly?
In addition to helping customers identify and prioritize cloud risks, we at Orca are excited to offer a new way to understand and share your current cloud security status based on specific predefined parameters: the Orca Security Score.
The Orca Risk Dashboard showing the Orca Security Score across 5 categories.
The Orca Security Score is found on Orca’s Risk Dashboard and is updated daily. The overall score is calculated based on performance in the following five categories:
A tab on the dashboard, Security Score breakdown, provides deeper analysis, with a drill down into each category. Note that each metric comes with recommendations for mitigation, making this data actionable and measurable.
The Orca Risk Dashboard showing the Security Score breakdown.
We believe that the Orca Security Score will help you report to higher management and board directors about security progress more clearly and effectively. Due to the fact that the scores are based on percentages and not raw numbers, you can more objectively make comparisons to other organizations and business units of different sizes.
In addition to reporting to senior management, the Orca Security Score can help with internal self-monitoring, as a way of measuring risk mitigation efforts, to know where to focus efforts, and track progress. It can be used to compare different business units and teams within a larger organization. It could potentially also play a role in measuring the security posture in company mergers and acquisitions, third-party risk management, and even cyber insurance underwriting.
Want to know your Orca Security Score? Orca provides a free, no obligation cloud risk assessment that, in addition to showing you where your most critical risks are, also reveals your Orca Security Score and how your cloud security posture compares to your peers.
You’ll also want to join our upcoming March 10 webinar, on Strengthen Your Cloud Security Posture: How to Evaluate Cloud Security Platforms, which will include a discussion and brief demo of the Orca Security Score.