Defense in Depth

Securing SaaS Applications

Jul 27, 2023

Guest Steve Zalewski and the hosts discuss the challenges of securing SaaS applications, the need for a specific strategy, gaining visibility in SaaS environments, and strategies for securing SaaS applications including DNS for app discovery and operationalizing security practices.

30:33

Creator website

Episode guests

Steve Zalewski

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

SaaS security requires a separate architectural strategy, considering both application design and non-security group involvement.

Continuous monitoring and sharing of security information are crucial for maintaining resilience in SaaS security.

Deep dives

The Importance of Building a Security Program for SaaS Apps

In this podcast episode, the hosts discuss the need for a specific security strategy for SaaS apps. They highlight the challenges of business-led IT and the increasing complexity of the SaaS ecosystem. It is emphasized that both the architecture of the applications and the involvement of non-security groups contribute to the security concerns. The discussion revolves around the idea that SAS should be treated as a separate environment. The hosts also mention the importance of continuous monitoring and sharing of security information by SAS vendors.

Introduction

2min

Securing SaaS Applications

10min

The Importance of a Specific Strategy for Securing SaaS Applications

1min

Gaining Visibility and Managing Risks in SaaS Environments

2min

Securing SaaS Applications: Strategies and Risks

12min

Favorite Quotes and Sponsor Mention

3min

All links and images for this episode can be found on CISO Series.

With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO’s architectural strategy?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski who also hosts Defense in Depth.

Thanks to our podcast sponsor, AppOmni

Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.

In this episode:

With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO’s architectural strategy?
Is the problem the architecture of the applications themselves or the fact that a non-security group is bringing these applications online? Is it both?
Is this problem solvable?
What technical controls can you put in place to mitigate risk from apps you deem risky?

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Defense in Depth

Securing SaaS Applications

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Importance of Building a Security Program for SaaS Apps

Addressing the Risks and Challenges in SaaS Security

Mitigating Risks and Ensuring Resilience in SaaS Security

Remember Everything You Learn from Podcasts