Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

What Do I Need to Know for SaaS Security?

Most importantly, someone needs to step forward and take it on as their job.

Brendan O'Connor, CEO and Co-Founder, AppOmni

March 1, 2022

1 Min Read
Illustration of gears representing a complex network, with the main gear labeled "SaaS"
Source: Aleksey Funtap via Alamy

Question: What do I need to know about the future of software-as-a-service (SaaS) security?

Brendan O’Connor, CEO and Co-Founder, AppOmni: First, you need a translator. Every major SaaS platform implements security differently, and there is very little consistency across various applications. Teams will need to rely on automated solutions that stay current with the updates and nuances of each SaaS application, that can alert and educate in-house security practitioners about potential issues and suggest ways to solve them. It's difficult for security teams to identify risk and offer meaningful guidance to the business when they don't speak the language of each individual SaaS platform.

Second, security will continue to be a multistakeholder model. Security, business, IT, and privacy/risk teams all have a stake in cloud security. Security teams must embrace automation to ensure consistent visibility. More importantly, automation can help IT and business delivery teams shift left into finding and fixing security issues as part of development and configuration — not after security vulnerabilities have already made their way to production.

Third, SaaS security needs to be somebody's job. SaaS applications are frequently purchased and managed by individual business units, often without security teams being involved. Today SaaS security doesn't have a clearly defined owner in most organizations — it could be IT or security. If a SaaS application houses sensitive and/or business-critical data, AppSec teams need to step up to secure that application and the related data access.

About the Author(s)

Brendan O'Connor

CEO and Co-Founder, AppOmni

Brendan O’Connor is a 20-year veteran of the security industry. Prior to founding AppOmni, he was Security CTO at ServiceNow. Before joining ServiceNow, Brendan spent 10 years at Salesforce, where he led Salesforce's global information security organization as CSO. Prior to his role as CSO, Brendan was VP of Product Security at Salesforce. Brendan has also worked in the financial services and communications sectors. His past experience includes work as a vulnerability researcher, security engineer, and privacy advocate. He is passionate about securing the technology that connects the world.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights