Ensure Cloud Security in a SaaS Environment

The devil’s in the details when realizing full value from a SaaS program.

Onsite Workshop

Ad hoc or immature SaaS security can cause:

  • Insecure service-level agreements.
  • Limited to no visibility into SaaS data security.
  • Short-lived security controls.

Upfront determination of security requirements results in:

  • Favorable service-level agreements.
  • Visibility and transparency into SaaS vendor security operations.
  • Continued security of SaaS hosted data and information.

Module 1: Determine Your SaaS Risk Profile

The Purpose

  • Identify rationale for adopting a SaaS program to ensure security is not an impediment.
  • Identify major changes to security obligations from the adoption of a SaaS program.
  • Determine the risk profile of the organization’s new SaaS program.

Key Benefits Achieved

  • Realize business benefits: Identify the business’s main rationale for adopting SaaS and ensure this is not impeded.
  • Understand your security scope: Assessing the business processes being changed and respective changes to your security obligations will provide the scope of your responsibilities.
  • Identified SaaS risk profile: Clearly identified and communicable risk profile.

Activities (numbered) and Outputs (bulleted):
1.1 Identify the organization’s main benefits for adopting a SaaS program and prioritize these benefits.
  • Identified your organization’s rationale for adopting a SaaS program and prioritized these benefits.
1.2 Determine the importance of the assets being moved to the cloud.
  • Assessed the business impact of a SaaS program.
1.3 Re-evaluate the organization’s risk tolerance level and change accordingly.
  • Identified changes to your security obligations.
1.4 Determine SaaS risk profile.
  • Determined your SaaS risk profile.

Module 2: Determine Your SaaS Security Requirements

The Purpose

  • Develop an understanding of how SaaS security can be achieved.
  • Determine and document all security control requirements of the organization.

Key Benefits Achieved

  • Select a safe SaaS vendor.
  • Select an auditable SaaS vendor.
  • Select a transparent SaaS vendor.
  • Select a portable SaaS vendor.

Activities (numbered) and Outputs (bulleted):
2.1 Understand how consumers can evaluate vendors’ security capabilities.
  • Evaluated vendors’ security capability completeness based on your organization’s SaaS risk profile.
2.2 Perform a cloud security requirement completeness assessment.
2.3 Perform a cloud security auditability assessment.
  • Evaluated vendors’ auditable levels of their certifications and security testing.
2.4 Perform a cloud security governability assessment.
  • Evaluated vendors’ governability by assessing transparency.
2.5 Perform a cloud security interoperability assessment.
  • Evaluated vendors’ portability by assessing their interoperability.

Module 3: Create Your SaaS Security Requirements Documents and Evaluate Vendors

The Purpose

  • Document SaaS security requirements.
  • Double-check requirements.
  • Evaluate SaaS vendors from a security perspective.

Key Benefits Achieved

  • Communicate your security requirements to the internal SaaS project team.
  • Communicate your security requirements to the external cloud vendor.
  • Determine which vendors are appropriate for you.
  • Determine which vendors support the security controls you require.

Activities (numbered) and Outputs (bulleted):
3.1 Document your completeness, auditability, governability, and interoperability requirements into the SaaS Security SLA.
  • Completed SaaS Security SLA Document.
3.2 Double-check the SLA and prepare talking points with cloud vendors.
  • Prepared communications with cloud vendor.
3.3 Identify vendors that satisfy security requirements.
3.4 Develop negotiation tactics with vendors.
3.5 Alter vendor sourcing process for SaaS vendor selection.
  • Documented evaluation of potential SaaS vendors.

Module 4: Build a SaaS Governance Program to Maintain and Measure Security

The Purpose

  • Document SaaS security requirements.
  • Double-check requirements.
  • Evaluate SaaS vendors from a security perspective.

Key Benefits Achieved

  • Determine what ongoing procedures and policies are right for your organization.
  • Customize all governing components for your organization.

Activities (numbered) and Outputs (bulleted):
4.1 Build the organizational structure of your SaaS Security Governance Program.
  • Documented all policies and procedures that you will need to successfully ensure continued strong SaaS security.
4.2 Define the escalation process.
4.3 Build a SaaS Security Governance Committee.
4.4 Document IAM policies and procedures.
4.5 Develop communication management.
  • Communicated with your vendor on ongoing procedures.
4.6 Overview of SaaS Security Governance Program suggested policies for customization.
4.7 Build a metrics program.

Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
