Why Vendor Security Assessments Fall Short for 3rd-Party SaaS App Security - Seguridad Mania.com - España y América Latina

Before organizations begin working with a new vendor, there’s usually a Vendor Security Assessment. It’s a point-in-time assessment of a vendor’s product, posture, and/or infrastructure. But what happens after the vendor is in place within your organization? Who is keeping tabs on how the technology is used, who (and what) has access, and whether the proper settings and configurations remain in place? While it’s important to assess the security posture of your vendor pre-purchase, those assessments don’t address the main source of risk for SaaS applications: the SaaS application’s ongoing and secure configuration by your organization. Gartner states that 99% of cloud security issues are the customer’s responsibility and where security often fails, and this also holds true in SaaS. It’s critical for organizations to manage ongoing configuration and data access to maintain appropriate SaaS security. This session will help security and IT teams understand how they can adopt best practices around the ongoing secure usage of dynamic and scalable SaaS applications. Join Harold Byun, Chief Product Officer at AppOmni; Mark Butler, Advisory CISO at Trace3; and moderator Bryan Solari, Regional Manager at AppOmni, as they discuss: • The value of an ongoing SaaS security program: moving to continuous security for SaaS applications • The Shared Responsibility Model of SaaS, and where customer responsibilities begin and end • How the SaaS Shared Responsibility Model is different from the Cloud Shared Responsibility Model • How to monitor the scope of access across your SaaS estate • How organizations can stay up to date - and even get ahead of - and proactively maintain SaaS security best practices • What SaaS applications to prioritize when building your SaaS security program, and which specific access and data security capabilities and functions to consider.