SaaS Governance Best Practices for Cloud Customers
Who it's for:
  • Application developers
  • Application architects
  • Cybersecurity professionals
  • Cloud security practitioners
  • IT professionals
  • Auditors
  • Compliance managers

Release Date: 06/08/2022

Working Group: SaaS Governance

In cloud security, the focus is almost always on securing Infrastructure-as-a-Service (IaaS) environments, even though organizations tend to consume 2-3 IaaS providers while often consuming tens to hundreds of SaaS offerings. The SaaS Governance Best Practice for Cloud Customers is a baseline set of fundamental governance practices for SaaS environments. It enumerates and considers risks during all stages of the SaaS lifecycle, including Evaluation, Adoption, Usage, and Termination.


The SaaS environment ultimately shifts the way organizations handle cybersecurity by introducing a shared responsibility between producers and consumers. Failing to adjust accordingly can have devastating consequences, such as disclosure of sensitive data, loss of revenue and customer trust, and regulatory consequences.


Key Takeaways:

  • Provides a baseline set of SaaS governance best practices for protecting data within SaaS environments;
  • Enumerates and considers risks according to the SaaS adoption and usage lifecycles; and
  • Provides potential mitigation measures from the SaaS customer’s perspective.

Acknowledgements

Michael Roza
Risk, Audit, Control and Compliance Professional

Since 2012, Michael has contributed to over 75 CSA projects completed by CSA's Internet of Things, Blockchain/Distributed Ledger, Top Threats, Cloud Control Matrix, Software-Defined Perimeter, Applications, Containers, and Microservices, and other working groups. In 2020, he also served as co-chair to CSA's Enterprise Architecture and Security-as-a-Service working groups while also serving as the Standards Liaison Officer for IoT, ICS, EA, S...

Anthony Smith
Cloud CyberSecurity

Anthony brings 20+ years of IT experience, specializing in IT compliance, auditing, and governance. He has provided guidance in areas and industries such as Manufacturing, Site Management, Mergers and Acquisitions, Emerging Technologies and Cloud Computing. He has extensive knowledge of NIST, ISO, CAIQ and GDPR.

Anthony currently serves in the role of Cloud CyberSecurity advisor supporting the GCP, Azure and AWS platforms.

Tim Bach
VP Security Engineering

Tim Bach is the Vice President of Engineering at AppOmni. His career as a security practitioner has focused on security engineering initiatives that make best-in-class security accessible and usable to teams of all sizes and industries.

Before joining AppOmni, Tim held security engineering roles at Apple and Salesforce. At Salesforce, Tim led the security team that designed and developed solutions to secure the AppExchange ecosystem ...

Alistair Cockeram
Security Architect at Financial Services

Alistair has spent over two decades specialising in network & information security management across Internet Service Provider, Defence and the Financial Services sectors.

Alistair is a member of the Cloud Security Alliance Software-Defined Perimeter (SDP) Zero Trust and SaaS Governance working groups.

He is an acknowledged reviewer of the CSA SDP Specification v2.0 and co-author of the SaaS Governance Best Practice Guide.

Sai Honig

This person does not have a biography listed with CSA.

Bryan Solari

This person does not have a biography listed with CSA.

Chris Hughes
Co-Founder and CISO at Aquia

Chris currently serves as the Co-Founder and CISO of Aquia. Chris has nearly 20 years of IT/Cybersecurity experience. This ranges from active duty time with the U.S. Air Force and service as a Civil Servant with the U.S. Navy and General Services Administration (GSA)/FedRAMP to time as a consultant in the private sector. In addition, he is an Adjunct Professor for M.S. Cybersecurity programs at Capitol Technology University and University of...
