CyberSecurityBoard
Sponsor Register Login

Who is Responsible for Ensuring the Security of Data in SaaS Applications

As SaaS applications became more popular, it was unclear who was responsible for protecting the data. Nowadays, most security and IT teams understand the shared responsibility model, where the SaaS vendor is responsible for the application's security, while the organization is responsible for their data. It is more difficult to determine who is responsible for the data on the organization's side. This is especially true for larger organizations that store large amounts of customer, employee, financial, strategic, and other sensitive data online. If there is a SaaS data breach or ransomware attack, this data could be exposed or lost, and depending on the industry, the business could face serious regulatory penalties. Before deploying any type of SSPM or other SaaS security solution, it is important to find the right security model. There are several different groups involved in the SaaS security ecosystem. SaaS App Owners understand the need for data security, but it is not their responsibility or something they know much about. Central IT is responsible for infrastructure, hardware, and passwords, but SaaS applications are not usually in their domain. Security Teams are the natural fit for implementing security controls and oversight, but they may not be aware of all the SaaS applications being used by the company. GRC Teams are in charge of making sure all IT meets security standards, but they do not have a direct role in securing corporate assets. The SaaS Vendor is not responsible for securing the data, but they are the ones who built the security apparatus for the SaaS application. To protect the data, all of these teams must work together and use a SaaS Security platform that facilitates communication between the security team and app owners. This platform should provide alerts when misconfigurations occur, threats are detected, and should include remediation steps. App owners and Central IT should have visibility and access to the apps they are responsible for, and the ability to dismiss security alerts.

This Cyber News was published on thehackernews.com. Publication date: Mon, 06 Feb 2023 12:45:03 +0000


Cyber News related to Who is Responsible for Ensuring the Security of Data in SaaS Applications

The ONE Thing All Modern SaaS Risk Management Programs Do - Reducing SaaS risk is, without a doubt, a difficult challenge. Gaining visibility into all the SaaS apps used across an enterprise is hard enough, but it becomes an even greater challenge when only a portion of the apps go through the company's ...
2 months ago Securityboulevard.com
SaaS Asset and User Numbers are Exploding: Is SaaS Data Security Keeping Up? - DoControl's recently released The State of SaaS Data Security 2024 report revealed a striking picture of ballooning SaaS asset and user numbers alongside security gaps that open the door to exploitation. The report, based on data from DoControl's ...
2 months ago Cybersecurity-insiders.com
Who is Responsible for Ensuring the Security of Data in SaaS Applications - As SaaS applications became more popular, it was unclear who was responsible for protecting the data. Nowadays, most security and IT teams understand the shared responsibility model, where the SaaS vendor is responsible for the application's ...
1 year ago Thehackernews.com
How the New NIST 2.0 Guidelines Help Detect SaaS Threats - The SaaS ecosystem has exploded in the six years since the National Institute of Standards and Technology's cybersecurity framework 1.1 was released. Back in 2016-2017, when version 1.1 was initially drafted, SaaS held a small but significant place ...
3 months ago Bleepingcomputer.com
IaaS vs PaaS vs SaaS Security: Which Is Most Secure? - Security concerns include data protection, network security, identity and access management, and physical security. While IaaS gives complete control and accountability, PaaS strikes a compromise between control and simplicity, and SaaS provides a ...
6 months ago Esecurityplanet.com
Report Surfaces Extent of SaaS Application Insecurity - An analysis of how 493 organizations are employing software-as-a-service applications published today by Wing Security finds nearly all experienced a security incident involving at least one application. A full 81% reported security incidents ...
4 months ago Securityboulevard.com
The Qlik Cyber Attack: Why SSPM Is a Must Have for CISOs - On November 28 2023, Arctic Wolf Labs reported on a new Cactus ransomware campaign which exploits publicly-exposed installations of Qlik Sense, a cloud analytics and business intelligence platform. With a breach like Qlik, the first question that ...
7 months ago Securityboulevard.com
How to Eliminate Shadow IT and Achieve a Secure SaaS Environment in 2023 - The prevalence of Shadow IT has grown exponentially over the years, with most organizations being unaware of the security risks of unauthorized cloud applications. Shadow IT is any application or cloud service being used by employees for business ...
1 year ago Thehackernews.com
What Is a SaaS Security Checklist? Tips & Free Template - SaaS security checklists are frameworks for protecting data and applications in cloud-based environments. These checklists include security standards and best practices for SaaS and cloud applications, and B2B SaaS providers use them to guarantee ...
2 months ago Esecurityplanet.com
AppOmni Previews Generative AI Tool to Better Secure SaaS Apps - AppOmni this week unveiled a technology preview of a digital assistant to its platform for protecting software-as-a-service applications that uses generative artificial intelligence to identify cybersecurity issues. The AskOmni assistant provides ...
6 months ago Securityboulevard.com
Reco Employs Graph and AI Technologies to Secure SaaS Apps - Reco today launched a platform that makes use of machine learning algorithms and graph technology to secure software-as-a-service applications. The Reco Identities Interaction graph technology connects to SaaS applications via its application ...
6 months ago Securityboulevard.com
Savvy Launches Identity-First Security Offering to Combat Toxic Combinations Driving SaaS Risk - PRESS RELEASE. TEL AVIV, Israel, Jan. 16, 2024 - Savvy, a software-as-a-service security platform provider, today announced its Identity-First Security offering that uncovers risks created by a toxic combination of identity access management ...
5 months ago Darkreading.com
Cloud Security: Ensuring Data Protection in the Cloud - Data Encryption: Protecting sensitive data is a top priority in cloud security. Cloud security is of utmost importance when it comes to protecting and ensuring the confidentiality of data stored and transmitted in the cloud. Data protection in the ...
4 months ago Securityzap.com
Wing Security unveils automated protection against AI-SaaS risks - Wing Security unveils an automatic advanced approach to counter the evolving risks of Intellectual Property and data leakage into GenAI applications. Amidst the growing adoption of GenAI, and the many SaaS applications powered by GenAI, Wing brings ...
5 months ago Helpnetsecurity.com
The Importance of Incident Response for SaaS - The importance of a thorough incident response strategy cannot be understated as organizations prepare to identify, investigate, and resolve threats as effectively as possible. Most security veterans are already well aware of this fact, and their ...
7 months ago Securityboulevard.com
Latest Information Security and Hacking Incidents - According to 25% of participants in an IBM study conducted in September 2022 among 3,000 companies and tech executives worldwide, security worries stand in the way of their ability to achieve their cloud-related goals. Nowadays, a lot of ...
6 months ago Cysecurity.news
Strategies for Securing Student Data in Cloud Services - This article addresses the strategies that educational organizations can employ to ensure the protection and confidentiality of student data in cloud services. Implementing strong access controls is crucial for ensuring the security of student data ...
6 months ago Securityzap.com
10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
4 months ago Cybersecuritynews.com
2024 brings changes in data security strategies - 2024 will be a revolutionary year for the data security landscape as Data Security Posture Management technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business ...
7 months ago Helpnetsecurity.com
Online Learning Security Best Practices - The rapid increase in remote learning has raised security concerns surrounding online learning platforms. The security of online learning platforms involves implementing robust measures to protect against unauthorized access and data breaches. By ...
6 months ago Securityzap.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
6 months ago Esecurityplanet.com
6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
4 months ago Esecurityplanet.com
The Art of Securing Cloud-Native Mobile Applications - We will explore the dynamic intersection of cloud-native architecture and mobile application security, delving into the strategies and best practices essential for safeguarding sensitive data, ensuring user privacy, and fortifying against emerging ...
6 months ago Feeds.dzone.com
Former Global CISO of Wells Fargo, Sunil Seshadri, Joins Board of Directors at Obsidian Security - This week, Obsidian Security, announces the appointment of Sunil Seshadri to its Board of Directors. Sunil joins the board at a time when the Obsidian platform has become essential to Incident Response providers around the world as they respond to a ...
1 week ago Itsecurityguru.org
Former Global CISO of Wells Fargo, Sunil Seshadri, Joins Board of Directors at Obsidian Security - This week, Obsidian Security, announces the appointment of Sunil Seshadri to its Board of Directors. Sunil joins the board at a time when the Obsidian platform has become essential to Incident Response providers around the world as they respond to a ...
1 week ago Itsecurityguru.org

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)