SaaS Governance Best Practices for Cloud Customers
Who it's for:
  • Application developers
  • Application architects
  • Cybersecurity professionals
  • Cloud security practitioners
  • IT professionals
  • Auditors
  • Compliance managers

Release Date: 06/08/2022

Working Group: SaaS Governance

In the context of cloud security, the focus is almost always on securing Infrastructure-as-a-Service (IaaS) environments. This is despite the reality that while organizations tend to consume 2-3 IaaS providers, they are often consuming tens to hundreds of SaaS Offerings. The SaaS Governance Best Practice for Cloud Customers is a baseline set of fundamental governance practices for SaaS environments. It enumerates and considers risks during all stages of the SaaS lifecycle, including Evaluation, Adoption, Usage, and Termination.


The SaaS environment ultimately presents a shift in the way organizations handle cybersecurity, one that introduces a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences, such as disclosure of sensitive data, loss of revenue and customer trust, and regulatory consequences.


Key Takeaways:

  • Provides a baseline set of SaaS governance best practices for protecting data within SaaS environments;
  • Enumerates and considers risks according to the SaaS adoption and usage lifecycles; and
  • Provides potential mitigation measures from the SaaS customer’s perspective.

Acknowledgements

Michael Roza
Risk, Audit, Control and Compliance Professional

Since 2012, Michael has contributed to over 75 CSA projects completed by CSA's Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, Software-Defined Perimeter, Applications, Containers, and Microservices, and other working groups. In 2020, he also served as co-chair to CSA's Enterprise Architecture and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, S...

Anthony Smith
Cloud CyberSecurity

Anthony brings 20+ years of IT experience, specializing in IT compliance, auditing, and governance. He has provided guidance in areas and industries such as Manufacturing, Site Management, Mergers and Acquisitions, Emerging Technologies, and Cloud Computing. He has extensive knowledge of NIST, ISO, CAIQ, and GDPR.

Anthony currently serves in the role of Cloud CyberSecurity advisor supporting the GCP, Azure and AWS platforms.

Tim Bach
VP Security Engineering

Tim Bach is the Vice President of Engineering at AppOmni. His career as a security practitioner has focused on security engineering initiatives that make best-in-class security accessible and usable to teams of all sizes and industries.

Before joining AppOmni, Tim held security engineering roles at Apple and Salesforce. At Salesforce, Tim led the security team that designed and developed solutions to secure the AppExchange ecosystem ...

Alistair Cockeram
Security Architect at Financial Services

Alistair has spent over two decades specialising in network & information security management across Internet Service Provider, Defence and the Financial Services sectors.

Alistair is a member of the Cloud Security Alliance Software-Defined Perimeter (SDP) Zero Trust and SaaS Governance working groups.

He is an acknowledged reviewer of the CSA SDP Specification v2.0 and a co-author of the SaaS Governance Best Practice Guide.

Sai Honig

Bryan Solari

Chris Hughes
Co-Founder and CISO at Aquia

Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force, a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP as well as time as a consultant in the private sector. In addition, he also is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of...

Saan Vandendriessche

Walter Haydock

Walter Haydock is an expert on vulnerability management, software supply chain resilience, and industrial Internet of Things (IoT) security. Before entering the private sector, he served as a professional staff member for the Homeland Security Committee of the U.S. House of Representatives, as an analyst at the National Counterterrorism Center, and as a reconnaissance and intelligence officer in the Marine Corps.

Andreas Peter

Yao Sing Tao

James Underwood
Senior Security Architect at Blackbaud, Inc

Zeal Somani

Paul Lanois

Andrew Luhrmann

Amit Kandpal
Director of Customer Success, Netskope

Akin Akinbosoye

Luciano (J.R.) Santos
Chief Customer Officer, CSA

J.R. Santos serves as the Chief Customer Officer for the Cloud Security Alliance. In this role, J.R. serves as a CSA Member advocate, partnering with leaders across all business units to transform the member experience and ensure that members are the center of every business decision. J.R. leads the Experience Services organization that includes the CSA Membership and Sales team, who work collaboratively to promote a consistent experience f...

Mickey Law

Jessica Shouse

Abhishek Vyas
Head of Security Consultancy and Architecture

I have been working in Cybersecurity for over 10 years, and have been working on large scale multi-cloud programs in the Software and Finance industries over that period. I deliver business value through robust, scalable, fit for business cybersecurity, by establishing new ways of working to help the business to innovate. Challenging the status quo to help remove inertia, and ensuring that cybersecurity remains relevant and mea...

Vani Murthy
Senior advisor Security & Compliance at Akamai Technologies

Vani has 20+ years of IT experience in areas such as Security, Risk, Compliance, Cloud services (IaaS/PaaS/SaaS) architecture