SaaS

SaaS providers offer varying technical capabilities, particularly in terms of security. While some providers may be larger or more prominent, their security offerings can differ significantly.

Here’s a comparison of three SaaS apps:

– SaaS app 1: Supports SSO via SAML, but does not support logging or listing API connections. It has a marketplace and can list NHIs, but cannot programmatically revoke user access.

– SaaS app 2: Does not support SSO, but can list API and NHI connections. It does not have a marketplace and cannot programmatically revoke user access.

– SaaS app 3: Supports performance logging but not security logging. It can programmatically revoke user access.

There’s a pressing need for an industry standard that establishes minimum technical security capabilities for SaaS applications. The significant inconsistencies in the security capabilities offered by SaaS vendors lead to substantial operational challenges, higher operational costs, and increased security risk. Currently, no industry standard outlines the security capabilities SaaS applications should build into their platforms. Furthermore, the SaaS Shared Responsibility Model fails to give cloud customers adequate options to configure the application according to their risk appetite or requirements.
