Here’s a six minute highlights video of last week’s CISO Series Video Chat: “Hacking SaaS Security: An hour of critical thinking on on cloud application policy, monitoring, detection, and response”.

Watch the full video chat

Joining me in this discussion were:

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor Obsidian

Best Bad Ideas

Another impressive slew of bad ideas for last week’s CISO Series Video Chat. Jakub Kaluzny, senior it security consultant with SecuRing took top prize for a bad idea that will probably just escalate into a full on SaaS-on-SaaS cyberwar. Here are a few other notable bad ideas:

“Anything related to SaaS security must use an acronym with ‘ass’ in it.” – Larry Rosen, information security consultant

“Demand SaaS providers utilize hamsters in wheels to ensure availability of services.” – Dustin Sachs, manager, information security, Performance Food Group

“Open up your S3 buckets to allow anonymous auditing of private SaaS data.” – Wil Tulaba, senior security administrator, Cognex Corporation

(Actually a GREAT idea) “Require all SaaS contracts to have a clause guaranteeing daily delivery of donuts.” – Dustin Sachs, manager, information security, Performance Food Group

“The percentage of your applications that are SaaS directly correlates to the percentage of your security team you can lay off.” – Matthew Thomson, principal consultant, cybersecurity, Skyline Technologies

Best comments from the chat room

“Data theft is happening because there is value and there are people who would pay for that value. Security is a deterrent, not necessarily preventative.” – Scott Schindler, account executive and director of business development, BlackLake Security

“SaaS is an interesting situation where people assume the underlying infrastructure is secure and not need to be worried about.” – Wil Tulaba, senior security administrator, Cognex Corporation

“The ‘single standard for assessing vendor security’ idea was how Shared Assessments started, but it did not always work out – everyone wants their own questions.” – David Peach, CISO, The Economist Group