ICYM: 4 SaaS Security Lessons to Keep Top of Mind in 2021
At the end of 2020, we hosted a webinar alongside Sisense’s Chief Security & Trust Officer, Ty Sbano, titled Securing Best of Breed SaaS applications in 2021. The discussion focused on reviewing the most important security trends of last year and how they should inform security programs this year. As 2021 continues to progress, these are the 4 trends and lessons we think are worth keeping in mind.
Data leaks and mega breaches will continue to plague the cloud security industry landscape
In this segment, Nightfall product expert Michael Osakwe discusses two important trends that have developed over the last several years. First, data leaks, or data exposure incidents that don’t involve a threat actor, have become extremely common due to a rise in cloud system misconfigurations. Second, mega breaches, or reported breach incidents that impact more than 1 million records, have also increased dramatically within the cloud. Both trends highlight the stakes involved in securing cloud systems, and these trends are likely to continue. Gartner suggests that through 2025, 99% of cloud security failures will be the customer’s fault.
The post-COVID workplace is perimeter-less and will remain so for the foreseeable future
In this segment, Ty Sbano discusses what we call the “perimeter-less workspace.” With work now occurring in the cloud, security has moved from managing endpoints to following data wherever it ends up in the cloud. The cloud systems that store data are often always-on, store large volumes of unstructured data, and are accessed by many users with varying permissions. Managing security in such environments can prove difficult without first understanding what this means for the cloud security landscape.
Shared responsibility is as important as ever in 2021
In this segment, Ty discusses why shared responsibility remains important, even in 2021, and how resources like CIS’s representation of the shared security model could be used to build security workflows that clearly designate everyone’s role when it comes to securing cloud platforms.
Leveraging NIST (or your preferred security framework) to benchmark your security program
In this final segment, Ty talks about the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and how it helps security teams validate their performance across different security domains. As your remote security program matures this year, you should leverage the NIST CSF or a similar framework to make sure you’re fully securing the applications and resources your teams are currently using.
If you’re interested in seeing more, you can watch the entire webinar below: https://try.nightfall.ai/saas-security-2021