Saturday, July 30, 2016

80% of professionals say on-premises security more mature than "cloud"


Courtesy Doug Cahill blog (ESG Research)

Any company selling SaaS will recognize this type of customer concern. 

Of course the reality is that there is no one "cloud".  Maturity and capability will vary across all organizations and industries.  Unfortunately, many risk assessors mistake possession for security.

When assessing risk to adopt a SaaS product, consider:


SaaS provider vs. on-premises

 

Technical control

  • Is meaningful encryption provided by the SaaS provider?  What about on-premises?
  • What methods exist to prevent exploitation at the SaaS provider?  How does this compare to on-premises?
  • How well will the SaaS provider profile and understand expected application behavior?  Are on-premises applications profiled and well understood?
  • How quickly can the SaaS provider implement service updates?  How quickly do you upgrade and patch complex on-premises applications?

Security Staff & Focus

  • What is the SaaS provider's incentive and capability to prevent a breach?  How does this compare with on-premises security commitment and capability?
  • What percent of the SaaS organization is devoted to security and control?  How about on-premises?
  • Is the SaaS provider staffed to monitor, defend, and respond to attacks?  On-premises?

Target & Incentive

  • What incentive might an attacker have to breach the SaaS provider?  How about on-premises?
  • What capability to detect or prevent advanced or targeted attack does the SaaS provider have?  How about on-premises?
  • If the SaaS provider is breached, will you be notified?  If on-premises is breached, will you be notified?

Businesses adopting a "Cloud" product are forging a strategic partnership.  The partner must be both capable and trustworthy.

No different than any other potential business partnership, it requires due diligence to ensure mutual alignment.

References:


Doug Cahill: Squirrel! What to chase at Black Hat 2016
ESG Research Report: The Visibility and Control Requirements of Cloud Application Security

9 comments:

  1. Interesting perspective on the common belief that on-premise systems are automatically more secure than cloud environments. Many organizations still assume that keeping data physically inside their infrastructure means better protection, but security really depends on how systems are managed, monitored, and updated. In fact, several studies have shown that many large data breaches actually occur within traditional on-premise environments rather than cloud platforms. Learning these modern strategies through a **Login360 digital marketing course Chennai** can also help professionals understand evolving digital technologies and security trends.

  2. Great insight on cloud vs on‑prem security — totally agree that security isn’t just about location but mindset and execution! UI UX design course online

  3. Informative and engaging article. I’ve also been researching digital marketing training in Chennai

  4. Thanks for sharing this. It aligns with topics like Data Science or Data Analytics.

  5. Great read! Designers can improve their craft with the Figma UI/UX Course. Developers should also check out the Full Stack Developer Course in Chennai.
