Who is Responsible for Ensuring the Security of Data in SaaS Applications

As SaaS applications became more popular, it was unclear who was responsible for protecting the data. Nowadays, most security and IT teams understand the shared responsibility model, where the SaaS vendor is responsible for the application's security, while the organization is responsible for their data. It is more difficult to determine who is responsible for the data on the organization's side. This is especially true for larger organizations that store large amounts of customer, employee, financial, strategic, and other sensitive data online. If there is a SaaS data breach or ransomware attack, this data could be exposed or lost, and depending on the industry, the business could face serious regulatory penalties. Before deploying any type of SSPM or other SaaS security solution, it is important to find the right security model. There are several different groups involved in the SaaS security ecosystem. SaaS App Owners understand the need for data security, but it is not their responsibility or something they know much about. Central IT is responsible for infrastructure, hardware, and passwords, but SaaS applications are not usually in their domain. Security Teams are the natural fit for implementing security controls and oversight, but they may not be aware of all the SaaS applications being used by the company. GRC Teams are in charge of making sure all IT meets security standards, but they do not have a direct role in securing corporate assets. The SaaS Vendor is not responsible for securing the data, but they are the ones who built the security apparatus for the SaaS application. To protect the data, all of these teams must work together and use a SaaS Security platform that facilitates communication between the security team and app owners. This platform should provide alerts when misconfigurations occur, threats are detected, and should include remediation steps. App owners and Central IT should have visibility and access to the apps they are responsible for, and the ability to dismiss security alerts.

This Cyber News was published on thehackernews.com. Publication date: Mon, 06 Feb 2023 12:45:03 +0000


Cyber News related to Who is Responsible for Ensuring the Security of Data in SaaS Applications

The ONE Thing All Modern SaaS Risk Management Programs Do - Reducing SaaS risk is, without a doubt, a difficult challenge. Gaining visibility into all the SaaS apps used across an enterprise is hard enough, but it becomes an even greater challenge when only a portion of the apps go through the company's ...
6 months ago Securityboulevard.com
SaaS Asset and User Numbers are Exploding: Is SaaS Data Security Keeping Up? - DoControl's recently released The State of SaaS Data Security 2024 report revealed a striking picture of ballooning SaaS asset and user numbers alongside security gaps that open the door to exploitation. The report, based on data from DoControl's ...
7 months ago Cybersecurity-insiders.com
Who is Responsible for Ensuring the Security of Data in SaaS Applications - As SaaS applications became more popular, it was unclear who was responsible for protecting the data. Nowadays, most security and IT teams understand the shared responsibility model, where the SaaS vendor is responsible for the application's ...
1 year ago Thehackernews.com
How the New NIST 2.0 Guidelines Help Detect SaaS Threats - The SaaS ecosystem has exploded in the six years since the National Institute of Standards and Technology's cybersecurity framework 1.1 was released. Back in 2016-2017, when version 1.1 was initially drafted, SaaS held a small but significant place ...
7 months ago Bleepingcomputer.com
Report Surfaces Extent of SaaS Application Insecurity - An analysis of how 493 organizations are employing software-as-a-service applications published today by Wing Security finds nearly all experienced a security incident involving at least one application. A full 81% reported security incidents ...
9 months ago Securityboulevard.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
10 months ago Esecurityplanet.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
1 month ago Aws.amazon.com
The Qlik Cyber Attack: Why SSPM Is a Must Have for CISOs - On November 28 2023, Arctic Wolf Labs reported on a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform. With a breach like Qlik, the first question that ...
11 months ago Securityboulevard.com
How to Eliminate Shadow IT and Achieve a Secure SaaS Environment in 2023 - The prevalence of Shadow IT has grown exponentially over the years, with most organizations being unaware of the security risks of unauthorized cloud applications. Shadow IT is any application or cloud service being used by employees for business ...
1 year ago Thehackernews.com
What Is a SaaS Security Checklist? Tips & Free Template - SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. These checklists include security standards and best practices for SaaS and cloud applications, and B2B SaaS providers use them to guarantee ...
7 months ago Esecurityplanet.com
AppOmni Previews Generative AI Tool to Better Secure SaaS Apps - AppOmni this week unveiled a technology preview of a digital assistant to its platform for protecting software-as-a-service applications that uses generative artificial intelligence to identify cybersecurity issues. The AskOmni assistant provides ...
10 months ago Securityboulevard.com
Reco Employs Graph and AI Technologies to Secure SaaS Apps - Reco today launched a platform that makes use of machine learning algorithms and graph technology to secure software-as-a-service applications. The Reco Identities Interaction graph technology connects to SaaS applications via its application ...
10 months ago Securityboulevard.com
Cybersecurity jobs available right now: October 2, 2024 - Help Net Security - As an Applied Cybersecurity Engineer (Center for Securing the Homeland), you will apply interdisciplinary competencies in secure systems architecture and design, security operations, threat actor behavior, risk assessment, and network security to ...
1 month ago Helpnetsecurity.com
Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk - PRESS RELEASE. TEL AVIV, Israel, Jan. 16, 2024 - Savvy, a software-as-a-service security platform provider, today announced its Identity-First Security offering that uncovers risks created by a toxic combination of identity access management ...
9 months ago Darkreading.com
SSPM: A Better Way to Secure SaaS Applications  - Security Boulevard - “GenAI can be incredibly powerful, but it must be used with caution,” Nakash warns, and adds that “if not properly managed, it can expose sensitive data or generate misleading insights.” As one report by Forrester notes, 71% of organizations ...
1 month ago Securityboulevard.com
Wing Security unveils automated protection against AI-SaaS risks - Wing Security unveils an automatic advanced approach to counter the evolving risks of Intellectual Property and data leakage into GenAI applications. Amidst the growing adoption of GenAI, and the many SaaS applications powered by GenAI, Wing brings ...
9 months ago Helpnetsecurity.com
Cloud Security: Ensuring Data Protection in the Cloud - Data Encryption: Protecting sensitive data is a top priority in cloud security. Cloud security is of utmost importance when it comes to protecting and ensuring the confidentiality of data stored and transmitted in the cloud. Data protection in the ...
9 months ago Securityzap.com
The Importance of Incident Response for SaaS - The importance of a thorough incident response strategy cannot be understated as organizations prepare to identify, investigate, and resolve threats as effectively as possible. Most security veterans are already well aware of this fact, and their ...
11 months ago Securityboulevard.com
Latest Information Security and Hacking Incidents - According to 25% of participants in an IBM study conducted in September 2022 among 3,000 companies and tech executives worldwide, security worries stand in the way of their ability to achieve their cloud-related goals. Nowadays, a lot of ...
10 months ago Cysecurity.news
The First 10 Days of a vCISO’S Journey with a New Client - Cyber Defense Magazine - During this period, the vCISO conducts a comprehensive assessment to identify vulnerabilities, engages with key stakeholders to align security efforts with business objectives, and develops a strategic roadmap to prioritize actions and resources. If ...
1 month ago Cyberdefensemagazine.com
Strategies for Securing Student Data in Cloud Services - This article addresses the strategies that educational organizations can employ to ensure the protection and confidentiality of student data in cloud services. Implementing strong access controls is crucial for ensuring the security of student data ...
10 months ago Securityzap.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
9 months ago Cybersecuritynews.com
2024 brings changes in data security strategies - 2024 will be a revolutionary year for the data security landscape as Data Security Posture Management technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business ...
11 months ago Helpnetsecurity.com
Online Learning Security Best Practices - The rapid increase in remote learning has raised security concerns surrounding online learning platforms. The security of online learning platforms involves implementing robust measures to protect against unauthorized access and data breaches. By ...
10 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)