PUBLISHER: IDC | PRODUCT CODE: 2007142

Security Baselining SaaS and PaaS: An Overlooked Necessity

PAGES: 10 Pages
DELIVERY TIME: 1-2 business days
PDF (Single User License): USD 7500

This IDC Perspective describes common breach scenarios that can be mitigated by SaaS platform hardening, along with recovery steps. Addressing this risk robustly relies on sound governance and hardening based on risk. We cover the security program foundations needed to make these efforts successful and outline a tactical approach to hardening individual systems. Third-party SaaS platforms often ship with permissive configurations that favor ease of adoption over security. Organizations that fail to assess the security capabilities of these platforms and harden them appropriately prior to deployment may inadvertently expose themselves to compromise by malicious actors or by personnel who accidentally mishandle sensitive data.

"SaaS platforms are a significant and growing attack surface for organizations that require a thoughtful approach to harden consistently," says Joel Sandin, adjunct research advisor for IDC's IT Executive Programs (IEP). "Central IT infrastructure and management tools can help, but the ultimate success of these efforts rests on sound governance and risk-informed review and configuration."

Product Code: US54444026

Executive Snapshot

  • Key takeaways
  • Recommended actions

Situation Overview

  • Motivating examples
    • Example 1: Permissive defaults, weak identity, and access management guardrails
    • Example 2: Audit trail and log retention issues, dangerous features, inadvertent exposure of sensitive data
    • Example 3: Third-party integration risks, lack of API hardening, and overprivileged access issues

Advice for the Technology Buyer

  • Risk drives baseline requirements and implementation
  • Approach outline
    • Capture risk, in particular platform risk, as part of vendor security assessments
    • Assess platform capabilities and integration points for centralized baseline enforcement
    • Develop a hardening plan based on risk and risk tolerance
    • Implement baselines and plan for ongoing compliance assessment
      • Limit exposure and reduce attack surface
      • Control identity and access
      • Prepare for failure
      • Plan for ongoing posture assessment and management

Learn More

  • Related research
  • Synopsis