4. The SMAC Stack Requires Agile Security Capabilities
• Enable movement of diverse information to more places
• Variety and growth in devices, internet touch points, and access methods
• More custom mobile applications and services within the enterprise
• The need to adopt standard applications for SaaS in the public cloud
Mobile, Social, Cloud, Analytics
The conversation is no longer about which applications and data will move to the cloud, but rather which applications and data will stay on premise.
5. Public Cloud Requires a Playbook
[Diagram: Playbook. Labels: Enterprise, Provider, Tenant. First group of roles: Legal, Security SMEs, Architects, Privacy, Investigations, E-Discovery, External Pen Tester, Risk Manager. Second group of roles: Architects, Security Engineers, Product Owners, Legal, Privacy. Other labels: Business Requirements, Use Cases, Information Classification, Risk Review.]
6. Steps to Develop a SaaS Security Playbook
• Educate your team on SaaS
• Know your data and inventory
• Understand how to calculate & mitigate risk
• Define security controls responsibility
• Perform security reviews during SaaS lifecycle
7. Lessons Learned
• Just as enterprise applications and data are moving to SaaS, security controls are also moving to SaaS.
• Decide which security controls will remain internally hosted and managed vs. externally hosted and externally managed.
• Carefully evaluate SaaS providers as some controls are immature and the ecosystem is evolving.
• Consider short-term contracts to allow flexibility to move to a new supplier if capabilities or roadmaps no longer align to risk tolerance.