
Defense in Depth
Who Is Responsible for Securing SaaS Tools?
Sep 12, 2024
Russell Spitler, CEO and co-founder of Nudge Security, delves into the complexities of securing SaaS tools in a rapidly evolving landscape. He highlights the shift from 'verify then trust' to 'trust and verify' models, emphasizing teamwork among IT, security, and users. The conversation also tackles shadow IT challenges and the importance of clarity in security responsibilities. Spitler advocates for innovative approaches to safeguarding data and for strong authentication measures to manage access, so that organizations can effectively handle security after an employee departs.
35:23
Podcast summary created with Snipd AI
Quick takeaways
- The traditional shared responsibility model is inadequate for SaaS security, requiring clearer ownership of roles among IT and users.
- Organizations must cultivate a culture of accountability among all employees to effectively manage data security in a SaaS environment.
Deep dives
Challenges of the Shared Security Model
The traditional shared responsibility model between IT and SaaS providers encounters significant challenges due to the nature of SaaS applications. Unlike the typical cloud security model, SaaS often presents difficulties in verifying security controls, as users cannot fully trust the service while also struggling to check its security features. This issue stems from users frequently signing contracts without understanding the associated security responsibilities, as many applications are adopted outside of IT's purview. Consequently, this environment requires a new SaaS security model that assigns clearer ownership for tasks related to identity management and data protection among all relevant teams.