Synopsis
The presentation explores the increasing adoption of Software-as-a-Service (SaaS) in organisations and the associated security challenges. As critical data moves outside traditional boundaries, businesses face new risks in managing security and operations.
Key Points
1. SaaS Adoption in Organisations:
Traditionally, companies managed their own hardware and software. With Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS), businesses began outsourcing infrastructure and platforms. Now, SaaS delivers complete applications, which takes control over the underlying hardware and software largely out of users' hands.
2. Security in Traditional Organisations:
Early SaaS services, such as email and CRM, were easier to control. However, as more services migrated to the cloud, businesses began losing visibility over their data, with more complex data flows between internal and external systems.
3. Super-SaaS:
This concept refers to a future where all data and services are external. While some may believe that not everything will move to this model, the trend suggests that most systems will eventually operate in the cloud. This creates new security concerns as businesses lose control over critical aspects of their environment.
4. Security Challenges:
Super-SaaS brings benefits, such as management by experts and reduced risk of coincident failures. However, security challenges include:
- Operational Transparency: Organisations need visibility into external services to monitor security incidents.
- Data Exfiltration Risks: External data storage increases the potential for breaches, and tracking the origins of leaks becomes more difficult.
5. Contractual Considerations:
Effective SaaS management requires rigorous contracts that ensure:
- Security Monitoring: Alerts for failed logins and unusual access patterns.
- Availability Data: Real-time updates on system availability.
- Recovery Objectives: Clear Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) with defined measurements.
6. Data Lakes:
For organisations reluctant to rely entirely on external storage, data lakes can offer more control over availability and local reporting. However, they also introduce risks like data breaches from multiple storage points and challenges in maintaining data integrity.
Conclusion
As businesses increasingly adopt SaaS and move towards Super-SaaS environments, they must implement tighter security measures, demand greater operational transparency, and ensure robust contractual protections. Although these environments offer benefits, the complexity of managing security across external services requires careful planning to safeguard data and maintain operational integrity.