Defense in Depth

Who Is Responsible for Securing SaaS Tools?

Sep 12, 2024

Russell Spitler, CEO and co-founder of Nudge Security, delves into the complexities of securing SaaS tools in a rapidly evolving landscape. He highlights the shift from 'verify then trust' to 'trust and verify' models, emphasizing teamwork among IT, security, and users. The conversation also tackles shadow IT challenges and the importance of clarity in security responsibilities. Spitler advocates for innovative approaches to safeguard data and strong authentication measures to manage access, ensuring organizations can effectively handle post-employee departure security.

35:23

Creator website

Episode guests

Russell Spitler

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The traditional shared responsibility model is inadequate for SaaS security, requiring clearer ownership of roles among IT and users.

Organizations must cultivate a culture of accountability among all employees to effectively manage data security in a SaaS environment.

Deep dives

Challenges of the Shared Security Model

The traditional shared responsibility model between IT and SaaS providers encounters significant challenges due to the nature of SaaS applications. Unlike the typical cloud security model, SaaS often presents difficulties in verifying security controls, as users cannot fully trust the service while also struggling to check its security features. This issue stems from users frequently signing contracts without understanding the associated security responsibilities, as many applications are adopted outside of IT's purview. Consequently, this environment requires a new SaaS security model that assigns clearer ownership for tasks related to identity management and data protection among all relevant teams.

Intro

2min

Navigating Trust and Responsibility in SaaS Security

3min

Evolving Trust in SaaS Security

10min

Navigating SaaS Security Dynamics

7min

Navigating SaaS Security Challenges

8min

Navigating Shared Responsibility in SaaS Security

5min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security.

In this episode:

Defining responsibilities
Understanding the problem
A different role for security
Focus on the data

Thanks to our podcast sponsor, Nudge Security

Get a full inventory of all SaaS accounts ever created by anyone in your org, in minutes, along with automated workflows to scale SaaS security and governance. No agents, browser plug-ins or network changes required. Start today with a free 14-day trial.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Defense in Depth

Who Is Responsible for Securing SaaS Tools?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Challenges of the Shared Security Model

The Impact of Shadow IT and User Adoption

The Need for Organizational Change

Evolving Security Practices and Responsibilities

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Defense in Depth

​​Who Is Responsible for Securing SaaS Tools?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Challenges of the Shared Security Model

The Impact of Shadow IT and User Adoption

The Need for Organizational Change

Evolving Security Practices and Responsibilities

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Who Is Responsible for Securing SaaS Tools?

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights