OWASP AppSec Europe 2015

Growth in the SaaS market is an agreed trend over the coming years but one of the main obstacles for majority adoption by Enterprise IT departments is trust in security. Further, the changing function of IT needs to be embraced as it evolves from purchasing, deploying and managing technology to managing data as an asset.

Myths need to be debunked for those who believe on premise software is inherently more secure than SaaS. A robust Risk Assessment approach is needed which addresses regulatory compliance, security standard best practices, benchmarking between SaaS providers, and setting of enterprise risk tolerance and acceptance criteria.

Making the distinction between Data Processor and Data Controller is important when working with a SaaS provider. As well as the integrated Data Architecture and User Access Control design, deployment and monitoring, which is critical for both corporate governance and demonstrating regulatory compliance.