Public cloud-based software as a service (SaaS) applications are becoming increasingly popular in organisations of all sizes. But while SaaS applications offer efficiency, cost savings, and enhanced collaboration, they also present a number of security challenges.
Intel has developed a series of best-practice protocols designed to enhance security, privacy, and legal compliance when using cloud-based applications. These protocols address issues surrounding application users and devices, data encryption and loss prevention, as well as security violation detection and response.
#1: Develop a security strategy and corresponding reference architecture
This strategy guides the rest of an organisation’s SaaS activities. It involves:
- Educating the IT security team about SaaS
- Identifying security controls and determining residual risk
- Defining and implementing a chain of responsibility for SaaS security controls
#2: Establish a balance of risk and productivity
Controls against malware and phishing sites work to protect intellectual property and employees’ personal information. Personal responsibility does come into play, where employees must be educated about mitigating risks through safe cloud behaviour.
#3: Implement SaaS security controls
A combination of security controls helps to ensure appropriate user access. These controls function to protect data and detect any security violations within the system.
#4: Keep up with technology development
SaaS technology is continually changing and evolving. Many SaaS providers also host their service in the cloud, which can add another element of risk to end users. Therefore, it’s important to regularly re-evaluate SaaS security to maintain a stance of minimal risk.
Read the Original article here.