Here’s a six minute highlights video of last week’s CISO Series Video Chat: “Hacking SaaS Security: An hour of critical thinking on on cloud application policy, monitoring, detection, and response”.
Joining me in this discussion were:
- Elena Kvochko, chief trust officer, SAP
- Ben Johnson (@chicagoben), co-founder and CTO, Obsidian
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor Obsidian
Best Bad Ideas
Another impressive slew of bad ideas for last week’s CISO Series Video Chat. Jakub Kaluzny, senior it security consultant with SecuRing took top prize for a bad idea that will probably just escalate into a full on SaaS-on-SaaS cyberwar. Here are a few other notable bad ideas:
“Anything related to SaaS security must use an acronym with ‘ass’ in it.” – Larry Rosen, information security consultant
“Demand SaaS providers utilize hamsters in wheels to ensure availability of services.” – Dustin Sachs, manager, information security, Performance Food Group
“Open up your S3 buckets to allow anonymous auditing of private SaaS data.” – Wil Tulaba, senior security administrator, Cognex Corporation
(Actually a GREAT idea) “Require all SaaS contracts to have a clause guaranteeing daily delivery of donuts.” – Dustin Sachs, manager, information security, Performance Food Group
“The percentage of your applications that are SaaS directly correlates to the percentage of your security team you can lay off.” – Matthew Thomson, principal consultant, cybersecurity, Skyline Technologies
Best comments from the chat room
“Data theft is happening because there is value and there are people who would pay for that value. Security is a deterrent, not necessarily preventative.” – Scott Schindler, account executive and director of business development, BlackLake Security
“SaaS is an interesting situation where people assume the underlying infrastructure is secure and not need to be worried about.” – Wil Tulaba, senior security administrator, Cognex Corporation
“The ‘single standard for assessing vendor security’ idea was how Shared Assessments started, but it did not always work out – everyone wants their own questions.” – David Peach, CISO, The Economist Group