Guides
Secure Access Help Center

Manage App Risk Profiles

App risk profiles define the level of risk you are willing to accept in controllable internet applications users access. The risk level associated with a profile is determined by a set of risk attributes you select, joined by the OR or AND operator (which you also select).

Once you have defined an app risk profile, you can apply it in an Internet Access Rule. The controllable applications impacted by the rule will be restricted by the app risk profile attributes. So, for example, if you create a rule citing social networking applications as the destination, and apply an app risk profile that stipulates allowing only applications that are FedRamp compliant, then Secure Access will block social networking applications that are not FedRamp compliant.

Be aware that the effect of a risk profile on a given application may change as the characteristics of that application change. For instance, if an app risk profile is defined to block applications that do not comply with FedRamp, an application that is not FedRamp compliant will be blocked; but if that application becomes FedRamp compliant, Secure Access will recognize this and the app risk profile will no longer cause the application to be blocked. Similarly, if an app risk profile is defined to block applications with a particular value for Label Status or Application Risk Score, and you manually change the Label or Risk Score from the App Discovery Report, the app risk profile will no longer cause the application to be blocked.

App Risk Profile Attributes

All app risk profile attributes are viewable in app details in the App Discovery Report.

  • Label Status

The approval status of an app.

  • Application Risk Score

The application risk score could be calculated by Secure Access (based on Business risk, Usage risk, Vendor compliance, and Community risk (if available)) or assigned by you. The possible values are Very Low, Low, Medium, High, and Very High. The application risk score is displayed in the Third-Party Apps Report and the App Discovery Report.

  • Business Risk Factors

Business risks take into account factors such as usage type, web reputation, financial viability, and data storage risks.

  • Attribute Categories

Security attribute categories include compliance standards, vulnerabilities, data security attributes, email authenticity assurance techniques, access control methods, and audit features.

Add a Security Profile for Private Access < Manage VPN Connection Posture Profiles > Add an App Risk Profile

Updated 8 days ago