In episode 103 of the Cybersecurity Minute, Rob Wood covers software-as-a-service (SaaS) and what cybersecurity leaders need to keep in mind when utilizing it.
This episode is sponsored by “Selling to the New Executive Buying Committee,” an Acceleration Economy Course designed to help vendors, partners, and buyers understand the shifting sands of how mid-market and enterprise CXOs are making purchase decisions to modernize technology.
Highlights
00:35 — SaaS security is often considered to be the safest option. If you think back to when cloud services first started to come online, and the shared responsibility matrix was a hot-button topic, you were at the most risk when you were adopting cloud in the infrastructure-as-a-service model because you had to do a lot of things on your own. This was not the case with platform-as-a-service or SaaS.
Which companies are the most important vendors in cybersecurity? Check out
the Acceleration Economy Cybersecurity
Top 10 Shortlist.
01:07 — But we’re seeing more SaaS providers have more configuration options, and more data is moving into those environments, so the risk is increasing. If you’re using SaaS tools and they’re supporting value centers, then you have to think about how you create an inventory of those SaaS applications. You also need to consider how you connect into those SaaS apps to orchestrate and enforce the policy you’re setting within them.
01:52 — This is not something that you can get away with by just burying your head in the sand. So many things can go wrong, from account takeovers to improper data use. This is not meant to unnerve you; it is meant to provide a foundation from which you can start to advocate for getting your arms around this problem within your organization.
02:29 — Start with your inventory, as you would with any other cybersecurity initiative. Asset management is absolutely key. It’s foundational. Start with that within your SaaS security program.
