As a security administrator, I am concerned about the security of my company’s data as it moves between two vendors’ SaaS applications. Am I wrong to think that there’s a weak link there? What steps can I take to test, monitor and strengthen security when data is en route?
You can see my full answer online, where I talk about the importance of understanding how your data is going to be handled and of negotiating appropriate legal controls before you start to load sensitive data into SaaS applications (sorry – registration required). For those looking for a quick preview, I talk about:
- Understanding the SaaS provider’s data handling procedures as well as the procedures of any partners who will also have access to sensitive data
- Shaping your use of the SaaS platform to turn off features that could result in data being communicated to additional parties
- Maintaining the right to test the security of the SaaS applications on a periodic basis
SaaS applications can provide great benefits, but you have to understand what data they are going to be allowed to manage and what assurances the provider can give that this will be done correctly. And the time to negotiate these points is before contracts are signed and the provider already has access to your data.
dan _at_ denimgroup.com