Ensure Cloud Security in a SaaS Environment
The devil’s in the details when realizing full value from a SaaS program.
Ad hoc or immature SaaS security can cause:
- Insecure service-level agreements.
- Limited to no visibility into SaaS data security.
- Short-lived security controls.
Upfront determination of security requirements results in:
- Favorable service-level agreements.
- Visibility and transparency into SaaS vendor security operations.
- Continued security of SaaS hosted data and information.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Module 1: Determine Your SaaS Risk Profile
The Purpose
- Identify rationale for adopting a SaaS program to ensure security is not an impediment.
- Identify major changes to security obligations from the adoption of a SaaS program.
- Determine the risk profile of the organization’s new SaaS program.
Key Benefits Achieved
- Realize business benefits: Identify the business’s main rationale for adopting SaaS and ensure this is not impeded.
- Understand your security scope: Assessing the business processes being changed and respective changes to your security obligations will provide the scope of your responsibilities.
- Identified SaaS risk profile: Clearly identified and communicable risk profile.
| | Activities | Outputs |
|---|---|---|
| 1.1 | Identify the organization’s main benefits for adopting a SaaS program and prioritize these benefits. | |
| 1.2 | Determine the importance of the assets being moved to the cloud. | |
| 1.3 | Re-evaluate organization’s risk tolerance level and change accordingly. | |
| 1.4 | Determine SaaS risk profile. | |
Module 2: Determine Your SaaS Security Requirements
The Purpose
- Develop an understanding of how SaaS security can be achieved.
- Determine and document all security control requirements of the organization.
Key Benefits Achieved
- Select a safe SaaS vendor.
- Select an auditable SaaS vendor.
- Select a transparent SaaS vendor.
- Select a portable SaaS vendor.
| | Activities | Outputs |
|---|---|---|
| 2.1 | Understand how consumers can evaluate vendors’ security capabilities. | |
| 2.2 | Perform a cloud security requirement completeness assessment. | |
| 2.3 | Perform a cloud security auditability assessment. | |
| 2.4 | Perform a cloud security governability assessment. | |
| 2.5 | Perform a cloud security interoperability assessment. | |
Module 3: Create Your SaaS Security Requirements Documents and Evaluate Vendors
The Purpose
- Document SaaS security requirements.
- Double check requirements.
- Evaluate SaaS vendors from a security perspective.
Key Benefits Achieved
- Communicate your security requirements to internal SaaS project team.
- Communicate your security requirements to external cloud vendor.
- Determine which vendors are appropriate for you.
- Determine which vendors support the security controls you require.
| | Activities | Outputs |
|---|---|---|
| 3.1 | Document your completeness, auditability, governability, and interoperability requirements into the SaaS Security SLA. | |
| 3.2 | Double check SLA and prepare talking points with cloud vendors. | |
| 3.3 | Identify vendors that satisfy security requirements. | |
| 3.4 | Develop negotiation tactics with vendors. | |
| 3.5 | Alter vendor sourcing process for SaaS vendor selection. | |
Module 4: Build a SaaS Governance Program to Maintain and Measure Security
The Purpose
- Document SaaS security requirements.
- Double check requirements.
- Evaluate SaaS vendors from a security perspective.
Key Benefits Achieved
- Determine what ongoing procedures and policies are right for your organization.
- Customize all governing components for your organization.
| | Activities | Outputs |
|---|---|---|
| 4.1 | Build the organizational structure of your SaaS Security Governance Program. | |
| 4.2 | Define the escalation process. | |
| 4.3 | Build a SaaS Security Governance Committee. | |
| 4.4 | Document IAM policies and procedures. | |
| 4.5 | Develop communication management. | |
| 4.6 | Overview of SaaS Security Governance Program suggested policies for customization. | |
| 4.7 | Build a metrics program. | |