Why Vendor Security Assessments Fall Short for 3rd-Party SaaS App Security

Presented by

Harold Byun, Chief Product Officer, AppOmni, Mark Butler, Advisory CISO, Trace3, Bryan Solari, Regional Manager, AppOmni

About this talk

Before organizations begin working with a new vendor, there’s usually a Vendor Security Assessment. It’s a point-in-time assessment of a vendor’s product, posture, and/or infrastructure. But what happens after the vendor is in place within your organization? Who is keeping tabs on how the technology is used, who (and what) has access, and whether the proper settings and configurations remain in place? While it’s important to assess the security posture of your vendor pre-purchase, those assessments don’t address the main source of risk for SaaS applications: the SaaS application’s ongoing and secure configuration by your organization. Gartner states that 99% of cloud security issues are the customer’s responsibility and where security often fails, and this also holds true in SaaS. It’s critical for organizations to manage ongoing configuration and data access to maintain appropriate SaaS security. This session will help security and IT teams understand how they can adopt best practices around the ongoing secure usage of dynamic and scalable SaaS applications. Join Harold Byun, Chief Product Officer at AppOmni; Mark Butler, Advisory CISO at Trace3; and moderator Bryan Solari, Regional Manager at AppOmni, as they discuss: • The Shared Responsibility Model of SaaS - Where Customer Responsibilities Begin and End • Differences Between the SaaS Shared Responsibility Model and Cloud Shared Responsibility Model • SaaS Security Management Best Practices • Common Security Pitfalls Across SaaS Applications • SaaS Security Program Accountability & Ownership Best Practices • Which SaaS Applications to Include in Your SaaS Security Program and How To Prioritize Your Selection
Related topics:

More from this channel

Upcoming talks (6)
On-demand talks (897)
Subscribers (63539)
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on twitter: @cloudsa