Intel SaaS Security Playbook
Download as PPTX, PDF2 likes2,193 views
The document discusses developing a SaaS security playbook. It recommends educating teams on SaaS, inventorying data, understanding how to calculate and mitigate risk, defining security control responsibilities, and performing security reviews throughout the SaaS lifecycle. Lessons learned are to expect security controls to move to SaaS as applications do, decide which controls remain internal vs. external, carefully evaluate immature SaaS security capabilities, and use short-term contracts for flexibility.
Intel SaaS Security Playbook
- 1. SaaS Security Playbook Securing data and applications in the public cloud
- 2. Legal Notices This presentation is for informational purposes only. INTEL MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Intel, and the Intel logo are trademarks of Intel Corporation in the U.S. and/or other countries. * Other names and brands may be claimed as the property of others. Copyright © 2014, Intel Corporation. All rights reserved. 1
- 3. Social Mobile Analytics Cloud The SMAC Stack SMAC is Changing the Way We Do Business 3
- 4. The SMAC Stack Requires Agile Security Capabilities • Enable movement of diverse information to more places • Variety and growth in devices, internet touch points, and access methods • More custom mobile applications and services within the enterprise • The need to adopt standard applications for SaaS in the public cloud MobileSocial CloudAnalytics The conversation is no longer about which applications and data will move to the cloud, but rather which applications and data will stay on premise. 4
- 5. Public Cloud Requires a Playbook Legal Security SMEs Architects Privacy Investigations E-Discovery External Pen Tester Risk Manager Playbook Architects Security Engineers Product Owners Legal Privacy Enterprise Provider Tenant Business Requirements Use Cases Information Classification Risk Review 5
- 6. Steps to Develop a SaaS Security Playbook Educate your team on SaaS Know your data and inventory Understand how to calculate & mitigate risk Define security controls responsibility Perform security reviews during SaaS lifecycle 1 2 3 54 6
- 7. Lessons Learned 7 • Just as enterprise applications and data are moving to SaaS, security controls are also moving to SaaS. • Decide which security controls will remain internally hosted and managed vs. externally hosted and externally managed. • Carefully evaluate SaaS providers as some controls are immature and the ecosystem is evolving. • Consider short-term contracts to allow flexibility to move to a new supplier if capabilities or roadmaps no longer align to risk tolerance.
- 8. 8
Editor's Notes
- #3: 2