Many enterprise applications are shifting, if not already, to subscription (opex) models. This is largely in the form of vendors now offering Software as a Service (SaaS) to customers. Customers, in many cases, need no longer worry about maintaining the infrastructure necessary to host licensed software due to the widespread adoption of SaaS.
Despite the numerous benefits SaaS offers, there are inherent cyber risks that need to be understood and considered. Customers transfer ownership of maintaining the infrastructure, platform, and software to the vendor, but this does not transfer the risk along with it.
In this talk, we’ll take an in-depth look at the following topics and discuss best practices and recommendations:
1. How SaaS may introduce additional cyber risk to your organization.
2. Effective means to assess SaaS vendors for cyber risk to your organization.
3. Common traps and oversights in SaaS vendor risk assessments.