Before organizations begin working with a new vendor, there’s usually a Vendor Security Assessment. It’s a point-in-time assessment of a vendor’s product, posture, and/or infrastructure. But what happens after the vendor is in place within your organization? Who is keeping tabs on how the technology is used, who (and what) has access, and whether the proper settings and configurations remain in place?
While it’s important to assess the security posture of your vendor pre-purchase, those assessments don’t address the main source of risk for SaaS applications: the SaaS application’s ongoing and secure configuration by your organization. Gartner states that 99% of cloud security issues are the customer’s responsibility and where security often fails, and this also holds true in SaaS. It’s critical for organizations to manage ongoing configuration and data access to maintain appropriate SaaS security. This session will help security and IT teams understand how they can adopt best practices around the ongoing secure usage of dynamic and scalable SaaS applications. Join Harold Byun, Chief Product Officer at AppOmni; Mark Butler, Advisory CISO at Trace3; and moderator Bryan Solari, Regional Manager at AppOmni, as they discuss:
• The Shared Responsibility Model of SaaS - Where Customer Responsibilities Begin and End
• Differences Between the SaaS Shared Responsibility Model and Cloud Shared Responsibility Model
• SaaS Security Management Best Practices
• Common Security Pitfalls Across SaaS Applications
• SaaS Security Program Accountability & Ownership Best Practices
• Which SaaS Applications to Include in Your SaaS Security Program and How To Prioritize Your Selection