Here is a quick five minute video of our best moments from CISO Series Video Chat: “Hacking SaaS Ecosystem: An hour of critical thinking about integration and automation across cloud environments.”
Our guests for this discussion were:
- Misha Seltzer, CTO and co-founder, Atmosec
- Shawn Bowen (@smbowen), CISO, World Fuel Services
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor Atmosec
Best Bad Idea
Congrats to John Gallagher, vice president, Viakoo, Inc. for winning this week’s Best Bad Idea.
Other honorable mentions go to:
“Crowdsource your SaaS security on Fiverr.” – Dustin Sachs, manager, information security, Performance Food Group
“Unencrypt everything so its super fast!” – Joshua Bregler, security architect, AWS
“Let employees use whatever SaaS they want, however they want, but they must be legally and financially culpable for any security breach or data leak.” – Hadas Cassorla, CISO, M1 Finance
“Use two SaaS vendors for every function you want. This way you get redundancy. Only 2x cost and 3x the complexity.” – Duane Gran, director, information systems and security, Blue Ridge ESOP Associates
10 percent better
“Make use of a SaaS Security Posture Management tool.” – Roland Mueller, self-employed
“SaaS increases fourth-party risk. Do you really need all those SaaS integrations features that will allow anyone to exfiltrate data easily and outside your monitoring capabilities?” – Jean-Michel Amblat, information security
“SaaS SAML all the way. Identity federation will save you during off boarding since former employees will not longer be able to access your data.” – Jean-Michel Amblat, information security
“Ask if your SaaS vendor is able to reply to a subpoena and provide your data to law enforcement. A ‘Yes’ means their customer data encryption architecture is not great even if it could be acceptable.” – Jean-Michel Amblat, information security
Quotes from the chatroom
“‘Put it all on SaaS’ sounds a lot like ‘Hell, put it all on RED!'” – Paul Watts, distinguished analyst, Information Security Forum
“SaaS is actually great for hiding complexity, but in reality you are simply transferring risk to your vendor. Complexity is still there but you just don’t see it.” – Anatoly Chikanov, director of information security, Enel X
“Common misconception is that there’s no need to support SaaS but there’s a ton, helping with users to setup/login, manage processes, etc. It’s just a different support process.” – Anatoly Chikanov, director of information security, Enel X
“Outsourcing security is like assuming open source code is secure, just because you can get gig workers they have no long term interest in the success of your company.” – Michael Delzer, technology investment consultant, Michael Delzer Consulting