From the course: Securing Software as a Service (SaaS)

Why SaaS security matters

There are many questions about SaaS security, and it's not uncommon for the term to be misunderstood. So let's make sure you and I are aligned for the remainder of this course, and start with the who, what, where, when and why of SaaS security. We provided a handout for you to take notes so that you can use them when you evangelize your SaaS security program.

Who needs SaaS security? Everyone. If you consume SaaS applications, you have a security role in the SaaS shared responsibility model. We'll break that down later in the course.

Now maybe you're asking what exactly is Software as a Service, and what is SaaS security? Well, Software as a Service, or SaaS, is a way of delivering software applications over the internet on a subscription basis. SaaS security is the collection of processes, technologies, and controls that will help you manage the risks presented by the use of these applications.

The next W is where. Where is SaaS used? Well, surveys year after year have revealed that SaaS is used in just about every department of every organization, and in many cases, each department has a unique SaaS to serve their specific needs. As an IT security professional, you need to know where it's being used, how it's being used, the data being stored in it, and who has access to it. Without that knowledge, you can't protect it or the data your organization has stored in it.

So with that context, now it's time to decide when you need to start. When do you need to start? The answer is yesterday. SaaS consumption outpaces traditional infrastructure as a service such as AWS, Azure, and GCP by a wide margin. That means your data is in these environments. There are cyber, regulatory, reputational, operational, strategic, and privacy risks if you don't take steps to secure these applications now.

Lastly, why? Why is this something I should prioritize? SaaS app attacks are on the rise. These always-on applications historically haven't been the focus of cloud security programs. Attackers are in pursuit of the weakest link and the softest parts of your attack surface. SaaS is part of your attack surface, and it's your job to protect it.

Now, likely you may have noticed that we didn't include the how questions. Well, that's what we're going to cover in the remainder of this course. You now know the five Ws of SaaS security. Keep your notes handy so you can use them to gain buy-in on your future SaaS security initiatives.
