Cloud 101CircleEventsBlog
Join us for Cybersecurity Awareness Month! Strengthen your cyber resilience with essential security tips and resources for everyone.

Download Publication

SaaS Governance Best Practices for Cloud Customers
SaaS Governance Best Practices for Cloud Customers
Who it's for:
  • Application developers
  • Application Architects
  • Cybersecurity professionals
  • Cloud security practitioners
  • IT professionals
  • Auditors
  • Compliance managers

SaaS Governance Best Practices for Cloud Customers

Release Date: 10/10/2022

Working Group: SaaS Governance

In the context of cloud security, the focus is almost always on securing Infrastructure-as-a-Service (IaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they are often consuming tens to hundreds of SaaS Offerings. The SaaS Governance Best Practice for Cloud Customers is a baseline set of fundamental governance practices for SaaS environments. It enumerates and considers risks during all stages of the SaaS lifecycle, including Evaluation, Adoption, Usage, and Termination.


The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity that introduces a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences such as disclosing sensitive data, loss of revenue, customer trust, and regulatory consequences.


Key Takeaways:

  • Provides a baseline set of SaaS governance best practices for protecting data within SaaS environments;
  • Enumerates and considers risks according to the SaaS adoption and usage lifecycles, and
  • Provides potential mitigation measures from the SaaS customer’s perspective.
Download this Resource

Bookmark
Share
View translations
Related resources
Don’t Panic! Getting Real about AI Governance
Don’t Panic! Getting Real about AI Governance
Zero Trust Guiding Principles v1.1
Zero Trust Guiding Principles v1.1
Strengthening Research Integrity with High-Performance Computing (HPC) Security
Strengthening Research Integrity with High-Perf...
Secure by Design: Implementing Zero Trust Principles in Cloud-Native Architectures
Secure by Design: Implementing Zero Trust Principles in Cloud-Nativ...
Published: 10/03/2024
Aligning Security Testing with IT Infrastructure Changes
Aligning Security Testing with IT Infrastructure Changes
Published: 10/03/2024
Elevating Application Security Beyond “AppSec in a Box”
Elevating Application Security Beyond “AppSec in a Box”
Published: 10/02/2024
When Walls Crumble: A CISO's Guide to Post-Breach Recovery
When Walls Crumble: A CISO's Guide to Post-Breach Recovery
Published: 09/30/2024

Acknowledgements

Anthony Smith
Anthony Smith
Cloud CyberSecurity

Anthony Smith

Cloud CyberSecurity

Anthony brings over 20+ years IT experience, specializing in IT compliance, auditing, governance. He has provided guidance in areas/industries such as: Manufacturing, Site Management, Merger's and Acquisitions, Emerging Technologies and Cloud Computing. He has extensive knowledge in: NIST, ISO, CAIQ and GDPR.

Anthony currently serves in the role of Cloud CyberSecurity advisor supporting the GCP, Azure and AWS platforms.

Read more

Tim Bach
Tim Bach
VP Security Engineering

Tim Bach

VP Security Engineering

Tim Bach is the Vice President of Engineering at AppOmni. His career as a security practitioner has focused on security engineering initiatives that make best in class security accessible and usable to teams of all sizes and industries.

Before joining AppOmni, Tim held security engineering roles at Apple and Salesforce. At Salesforce, Tim led the security team that designed and developed solutions to secure the AppExchange ecosystem ...

Read more

Alistair Cockeram
Alistair Cockeram
Security Architect at Financial Services

Alistair Cockeram

Security Architect at Financial Services

Alistair has spent over two decades specialising in network & information security management across Internet Service Provider, Defence and the Financial Services sectors.

Alistair is a member of the Cloud Security Alliance Software-Defined Perimeter (SDP) Zero Trust and SaaS Governance working groups.

An acknowledged reviewer of the CSA SDP Specification v2.0 and co-author of the SaaS Governance Best Practice Guide.

Read more

Sai Honig
Sai Honig

Sai Honig

Bryan Solari
Bryan Solari

Bryan Solari

Chris Hughes
Chris Hughes
Co-Founder and CISO at Aquia

Chris Hughes

Co-Founder and CISO at Aquia

Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of...

Read more

Saan Vandendriessche
Saan Vandendriessche

Saan Vandendriessche

Walter Haydock
Walter Haydock

Walter Haydock

Walter Haydock is an expert on vulnerability management, software supply chain resilience, and industrial Internet of Things (IoT) security. Before entering the private sector, he served as a professional staff member for the Homeland Security Committee of the U.S. House of Representatives, as an analyst at the National Counterterrorism Center, and as a reconnaissance and intelligence officer in the Marine Corps.

Read more

Andreas Peter
Andreas Peter

Andreas Peter

Yao Sing Tao
Yao Sing Tao

Yao Sing Tao

James Underwood
James Underwood
Senior Security Architect at Blackbaud, Inc

James Underwood

Senior Security Architect at Blackbaud, Inc

Zeal Somani
Zeal Somani

Zeal Somani

Paul Lanois Headshot Missing
Paul Lanois

Paul Lanois

Andrew Luhrmann Headshot Missing
Andrew Luhrmann

Andrew Luhrmann

Amit Kandpal
Amit Kandpal
Director of Customer Success, Netskope

Amit Kandpal

Director of Customer Success, Netskope

Akin Akinbosoye Headshot Missing
Akin Akinbosoye

Akin Akinbosoye

Luciano (J.R.) Santos
Luciano (J.R.) Santos
Chief Customer Officer, CSA

Luciano (J.R.) Santos

Chief Customer Officer, CSA

J.R. Santos serves as the Chief Customer Officer for the Cloud Security Alliance. In this role, J.R. serves as a CSA Member advocate, partnering with leaders across all business units to transform the member experience and ensure that members are the center of every business decision. J.R. leads the Experience Services organization that includes the CSA Membership and Sales team, who work collaboratively to promote a consistent experience f...

Read more

Mickey Law Headshot Missing
Mickey Law

Mickey Law

Jessica Shouse Headshot Missing
Jessica Shouse

Jessica Shouse

Abhishek Vyas
Abhishek Vyas
Head of Security Consultancy and Architecture

Abhishek Vyas

Head of Security Consultancy and Architecture

I have been working in Cybersecurity for over 10 years, and have been working on large scale multi-cloud programs in the Software and Finance industries over that period. I deliver business value through robust, scalable, fit for business cybersecurity, by establishing new ways of working to help the business to innovate. Challenging the status quo to help remove inertia, and ensuring that cybersecurity remains relevant and mea...

Read more

Michael Roza
Michael Roza
Risk, Audit, Control and Compliance Professional

Michael Roza

Risk, Audit, Control and Compliance Professional

Since 2012 Michael has contributed to over 100 CSA projects completed by CSA's Internet of Things, Zero Trust/Software-Defined Perimeter, Top Threats, Cloud Control Matrix, Containers/Microservices, DevSecOps, and other working groups. He has also served as co-chair of CSA's Enterprise Architecture, Top Threats, and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, SECaaS, and Cloud K...

Read more

Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training