Josys Discovered Apps reveals the Shadow IT apps used within an organization and assesses their associated risks through its Risk Scoring System. Because the scoring system is limited to a baseline evaluation, Josys has integrated advanced AI technologies to help fully understand SaaS sprawl risks and apps with unknown or incomplete risk profiles. These technologies provide comprehensive app insights that explain why apps are high-risk, with a focus on Generative AI to uncover emerging threats. As a result, the IT Admin is presented with an intelligent overview of discovered apps for making informed decisions. Read our blog on "AI-Powered SaaS Risk Analyzer Controls Risk with Confidence" to learn more.
Vendor Risk Analysis - an AI-Powered Risk Feature
This feature provides comprehensive information on the security and risk profiles associated with the discovered apps. This enables the IT Admin to evaluate the risks and make informed decisions during license procurement, application purchases, and vendor assessments.
Unlike the traditional security assessment approach, which depends on network probes (SSL, TLS, CSP, cipher strength, CVE), Josys uses publicly accessible crowdsourced data aligned with the SCuBA framework to detect security threat details.
Steps to Access Vendor Risk Analysis
Step 1: Navigate to the Discovered Apps from the Apps menu and click App Risk Assessment.
Step 2: Search for the app and click Review App for the respective app.
Here’s how security risk information is structured for the app.
1. Risk Profile Overview: Displays the Risk Level of the app, followed by its Security Score, app review-based Rating, Category, and an explanation of what contributes to the risk level assigned to the app.
2. Gen AI (Generative): Covers data privacy details regarding sharing information with third-party GenAI vendors and using data for model training. Click ⓘ to learn more about it.
3. Security Postures: Provides a comprehensive view of security practices, including:
- Access controls such as RBAC (Role-Based Access Control), SSO (Single Sign-On) support, and MFA (Multi-Factor Authentication) to ensure secure user access.
- SSO Support to ensure secure authentication.
- Audit Logs for monitoring the app usage activity and ensuring compliance.
- IP Reputation Status
- Data Protection Rating
- Status Page
4. App URLs
5. Operational Risk includes the details of privacy risks and exposure of the application’s attack surface, and the status of disaster recovery and business continuity plans.
6. Legal & Compliance provides the privacy policy, data policy and procedures, and terms and conditions information.
7. App Details includes detailed information about the app.
8. Report Data Errors allows users to report any AI-generated errors.