Abstract: The disclosure relates to a method, system and computer readable storage medium for determining and/or controlling security of data available to a third-party provider. For example, the method controls security of data belonging to a client and available to a third-party provider by receiving vulnerability scan data, determining a plurality of vulnerability metrics for the data of the client at the third-party provider using the vulnerability scan data, wherein the plurality of vulnerability metrics are based on where the data belonging to the client is stored at the third-party provider, determining a security score for the third-party provider based on the plurality of vulnerability metrics and a risk profile of the client; and causing a display device to display the security score determined for the third-party provider to control security of the data belonging to the client and available to the third-party provider.