SaaS Governance Working Group
Introduction to the SaaS Governance Working Group
Security and privacy are the primary concerns for organizations considering SaaS adoption, and recent research indicates that 77% of SaaS-adopting organizations have experienced SaaS-specific security incidents. SaaS services account for the bulk of the cloud industry market, and any security incident could critically impact cloud customers.
SaaS services present unique risks to their cloud customers:
- they are highly business process specific
- they handle and store critical business and personal data
- they integrate a broad array of service components, operating over a deep application stack
- they may depend on multiple cloud service providers
Due to heavy competitive pressure in the SaaS market today, security is too often not a top priority for SaaS providers – especially for the smaller providers that may not have the necessary security expertise to identify and manage the risks that could impact cloud customers and the cloud provider’s own operations.
The SaaS Governance Working Group will encourage and define mechanisms for customers and service providers to cooperate and work closely with each other to manage SaaS risks and ensure the security of customer data and the resilience of the SaaS cloud infrastructure.
Scope and Responsibilities
The scope for the SaaS Governance Working Group includes, but is not limited to:
- Develop a baseline set of fundamental SaaS governance practices for SaaS Providers and Customers.
- Develop a library of SaaS-specific risks and mitigation measures for SaaS Providers and Customers.
- Develop a practical security guide to help SaaS Providers implement secure SaaS delivery to best protect cloud customer data.
- Share any newly developed security controls with other relevant CSA initiatives.
SaaS Governance Working Group Leadership
SaaS Governance Co-chairs
Sandeep Poonen is the Information Security Officer for Cloud Services at VMware. He brokers all key information security capabilities from IT Security into the cloud service portfolio. He is also responsible for the Information Security Risk Management program at VMware. He has several years of experience in IT and application security, helping several Fortune 100 enterprises (and beyond) architect security solutions for their enterprise application landscape.
Mark has extensive experience in security architecture, information security policy, risk management, regulatory compliance, and implementation of security controls across enterprise systems and networks. He leads consulting and development teams across a range of clients in banking, telecommunications, government, and small to medium businesses.
Mark regularly holds leadership roles in professional associations including ISACA, the Australian Information Security Association, and the Asian Advisory Board of (ISC)2. Mark’s professional goals include solving hard problems for clients, building client skills and capabilities, and making a positive contribution to the industry. He continues to contribute to national and international standards working groups and is a Senior Member of the ACM.
Ronald Tse is the founder of Ribose, leading development of its secure and effective collaboration platform. Interested in solving real-world problems through computing, Ronald previously worked on distributed systems research at Brown University and MIT. He graduated from Brown University with bachelor’s degrees in Computer Science and Biology, and a master’s degree in Computer Science. Ronald holds several technical certifications, is currently a member of the Cloud Security Alliance’s International Standardization Council, and also serves other standard committees of CalConnect and ISO.
SaaS Governance Working Group Initiatives
Please contact SaaS Governance Working Group Leadership for more information.
SaaS Governance Working Group Downloads
No downloads currently available.