The devil’s in the details when realizing full value from a SaaS program.
Onsite Workshop
Ad hoc or immature SaaS security can cause:
Insecure service-level agreements.
Limited to no visibility to SaaS data security.
Short-lived security controls.
Upfront determination of security requirements results in:
Favorable service-level agreements.
Visibility and transparency into SaaS vendor security operations.
Continued security of SaaS hosted data and information.
Module 1: Determine Your SaaS Risk Profile
The Purpose
Identify rationale for adopting a SaaS program to ensure security is not an impediment.
Identify major changes to security obligations from the adoption of a SaaS program.
Determine the risk profile of the organization’s new SaaS program.
Key Benefits Achieved
Realize business benefits: Identify the business’s main rationale for adopting SaaS and ensure this is not impeded.
Understand your security scope: Assessing the business processes being changed and respective changes to your security obligations will provide the scope of your responsibilities.
Identified SaaS risk profile: Clearly identified and communicable risk profile.
Activities:
Outputs:
1.1
Identify the organization’s main benefits for adopting a SaaS program and prioritize these benefits.
Identified your organization’s rationale for adopting a SaaS program and prioritized these benefits.
1.2
Determine the importance of the assets being moved to the cloud.
Assessed the business impact of a SaaS program.
1.3
Re-evaluate organization’s risk tolerance level and change accordingly.
Identified changes to your security obligations.
1.4
Determine SaaS risk profile.
Determined your SaaS risk profile.
Module 2: Determine Your SaaS Security Requirements
The Purpose
Develop an understanding of how SaaS security can be achieved.
Determine and document all security control requirements of the organization.
Key Benefits Achieved
Select a safe SaaS vendor.
Select an auditable SaaS vendor.
Select a transparent SaaS vendor.
Select a portable SaaS vendor.
Activities:
Outputs:
2.1
Understand how consumers can evaluate vendors’ security capabilities.
Evaluated vendors’ security capability completeness based on your organization’s SaaS risk profile.
2.2
Perform a cloud security requirement completeness assessment.
2.3
Perform a cloud security auditability assessment.
Evaluated vendors’ auditable levels of their certifications and security testing.
2.4
Perform a cloud security governability assessment.
Evaluated vendors’ governability by assessing transparency.
2.5
Perform a cloud security interoperability assessment.
Evaluated vendors’ portability by assessing their interoperability.
Module 3: Create Your SaaS Security Requirements Documents and Evaluate Vendors
The Purpose
Document SaaS security requirements.
Double check requirements.
Evaluate SaaS vendors from a security perspective.
Key Benefits Achieved
Communicate your security requirements to internal SaaS project team.
Communicate your security requirements to external cloud vendor.
Determine which vendors are appropriate for you.
Determine which vendors support the security controls you require.
Activities:
Outputs:
3.1
Document your completeness, auditability, governability, and interoperability requirements into the SaaS Security SLA.
Completed SaaS Security SLA Document.
3.2
Double check SLA and prepare talking points with cloud vendors.
Prepared communications with cloud vendor.
3.3
Identify vendors that satisfy security requirements.
3.4
Develop negotiation tactics with vendors.
3.5
Alter vendor sourcing process for SaaS vendor selection.
Documented evaluation of potential SaaS vendors.
Module 4: Build a SaaS Governance Program to Maintain and Measure Security
The Purpose
Document SaaS security requirements.
Double check requirements.
Evaluate SaaS vendors from a security perspective.
Key Benefits Achieved
Determine what ongoing procedures and policies are right for your organization.
Customize all governing components for your organization.
Activities:
Outputs:
4.1
Build the organizational structure of your SaaS Security Governance Program.
Documented all policies and procedures that you will need to successfully ensure continued strong SaaS security.
4.2
Define the escalation process.
4.3
Build a SaaS Security Governance Committee.
4.4
Document IAM policies and procedures.
4.5
Develop communication management.
Communicated with your vendor on ongoing procedures.
4.6
Overview of SaaS Security Governance Program suggested policies for customization.
4.7
Build a metrics program.
Book Your Workshop
Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.
Book Your Workshop