SaaS Governance Best Practices for Cloud Customers

dcontesti · ‎06-12-2022

An excellent read:

In the context of cloud security, the focus is almost always on securing Infrastructure-as-a-Service (IaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they are often consuming tens to hundreds of SaaS Offerings. The SaaS Governance Best Practice for Cloud Customers is a baseline set of fundamental governance practices for SaaS environments. It enumerates and considers risks during all stages of the SaaS lifecycle, including Evaluation, Adoption, Usage, and Termination.

The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences such as disclosing sensitive data, loss of revenue, customer trust, and regulatory consequences.

Key Takeaways:

Provides a baseline set of SaaS governance best practices for protecting data within SaaS environments;
Enumerates and considers risks according to the SaaS adoption and usage lifecycles, and
Provides potential mitigation measures from the SaaS customer’s perspective.

https://cloudsecurityalliance.org/artifacts/saas-governance-best-practices-for-cloud-customers/

tmekelburg1 · ‎06-13-2022

I'm still surprised by the amount of security controls SaaS providers are lacking. For example, one provider we were looking at had redundant data centers but both were located in Texas. Which they didn't want to tell us at first because they believe it's more secure not to tell potential customers where their data centers are located (big pet peeve of mine btw). My next question was, "So what happens when another winter storm hits?" 🙃