A 10-point plan to vet SaaS provider security

Using a software-as-a-service provider means giving up some control over security, so close vetting of SaaS security during vendor evaluation is critical.


For a growing number of enterprises, software-as-a-service (SaaS) has become the primary means of accessing vital business applications. The strategy makes sense from a business standpoint because of the potential benefits: cost savings, increased agility and easier scalability, to name a few.

Any cloud-based offering comes with security risks, however. How can an organization know for sure if its SaaS providers’ security provisions are up to its own standards?

“The challenge we have is gaining visibility into what the SaaS vendor is doing to secure their infrastructure, their change management procedures, and incident response process,” says Patrick Hevesi, vice president and analyst at research firm Gartner.

Not all SaaS providers are transparent about their security, according to a 2019 Gartner report. Organizations need to understand both the risk they’re taking by putting important user data in a cloud service and the trust they must place in the provider, the report said.
