SaaS Security Under Scrutiny After High Profile Breaches

The firing of Target CEO Gregg Steinhafel this week underscored just how important

computer security is to modern corporations. “I think it’s a clear sign that we’re in a new

era, one in which companies are engaged in what you could clearly call asymmetric

warfare against an insurgency,” says security expert Charles Nguyen who likens cyber

intrusion to the kind of disruption companies face in war zones.

The new battlefield is almost completely invisible, with battles taking place with ones

and zeroes being sent between computers at lightspeed over fiber optic cables that

encircle the entire world. As commerce has become increasingly reliant on technology,

new vulnerabilities are coming to light. This increased reliance on technology is

converging with a shift in hacking from a hobby to the foundation of criminal enterprise

and even state-sponsored military insurgency.

Nowhere is this more evident than in the software-as-a-service (SaaS) applications being

used by companies. SaaS Security is an increasingly prominent topic among those in IT

security, whether at security conferences or even in the corporate boardroom. “I’ve had

clients tell me they are presenting the state of their SaaS Security to the board of directors,

because cloud is now a board-level concern,” says Nguyen who advises security teams at

Fortune 500 companies.

But technology is not enough, he says, to achieve SaaS security. In the case of Target, the

company had a security software tool that detected the breach as soon as it began. The

failure lie with the security team that failed to follow up on the alert the received, while

the breach continued for another week and millions of customer credit cards were stolen.

For that, Nguyen says companies also need old-fashioned people and process to be secure.