Resilience in Focus: How Boards Are Preparing for CPS 230

According to an industry expert, resilience has become a board-level concern for Australia’s financial services industry ahead of new CPS 230 Operational Risk Management regulations from the Australian Prudential Regulation Authority, the industry’s regulatory body. Australian banks, insurers, and superannuation funds will be required to meet APRA’s new consolidated CPS 230 standard for operational risk management. Those classified as “significant” financial institutions have until July 2025 to comply, while non-significant financial institutions have been…

Multi-Site Mastery: Strategies for Effective Risk Assessments

In this episode of The Security Podcasts we sit down with Mark Landry, National Accounts Director at AMAROK, to discuss navigating multi-site risk assessment effectively. “In order to approach your risk assessment, especially when you’ve got vast or disparate geographies – meaning you’ve got a location in Portland, Maine and location in Portland, Oregon – you have to be able to accurately convey the risk across both of those locations that have very different risk…

Proving physical security value across an organization

In this episode of The Security Podcasts we sit down with Thomasina Martin, a Key Account Manager specializing in Energy and Utilities at Genetec, Inc., to talk about proving the value of physical security across an organization. “One of the primary challenges I think a lot of us see, I think it’s universal in the security industry when trying to secure a budget, is that physical security often competes with other critical business units or…

Balancing Risk and Innovation – A CISO Perspective

In this episode of The Security Podcasts featuring Jill Knesek, CISO of Blackline, and former FBI Special Agent in the Cyber Crime Squad, we talk about balancing risk & innovation from a CISO’s perspective. “The message I like to give is we can be both innovative and secure,” Knesek says. “They’re not mutually exclusive, and they shouldn’t be. By shifting left and embedding strong security practices and controls earlier into our development lifecycle, we can…

SaaS governance is improving, but AI presents new challenges

Despite hitting a high in 2022, apps identified as “shadow IT” dropped from 53% to 48% in 2023. This drop signals an increase in SaaS governance actions: we’re getting better within enterprises at knowing what apps employees are using, and better at enforcing policies around SaaS use. Anecdotally, I’m seeing that the creation of SaaS governance councils is becoming the norm; businesses are responding to a need for repeatable processes that allow teams to cross-functionally…

Misconfigured ServiceNow Knowledge Bases Expose Confidential Information

Users of ServiceNow, a cloud-based platform used to manage IT services and processes, could be unknowingly exposing confidential information, including names, phone numbers, internal system details, and active credentials. Misconfiguration of Knowledge Bases — self-service platforms within ServiceNow where users can create, store, and share information such as articles and guides — could lead to unauthorised individuals gaining access to the system. Many organisations use Knowledge Bases as repositories of sensitive internal information, such as…

Most Tech Leaders Worry About SaaS Security Threats

Software-as-a-Service applications have long been targets of cyberthreats. A new study finds that these threats remain top of mind for 78% of U.S. technology leaders as more SaaS apps find their way into the enterprise. Although enterprises have been prioritizing data privacy and security, their continued reliance on SaaS and cloud offerings means they remain at risk, according to The SaaS Disruption Report: Security & Data by Onymos and Enterprise Strategy Group. Shiva Nathan,…

Lessons from the Snowflake breach: SaaS security needs collaboration

The recent Snowflake attack is an important reminder that data remains king when it comes to cyberattacks, and identities are the gateway for threat actors to access this coveted information. In the event of an attack, service providers typically take the brunt of the blame. In this case, however, Snowflake reflected that it was actually how the company’s customers — including major companies like Ticketmaster and Advance Auto Parts — chose to leverage its SaaS…

Accelerating SaaS solution delivery to the U.S. Federal Government

Synopsis: The Cisco Federal Operational Security Stack streamlines the process for Cisco SaaS solutions on their FedRAMP journey, bringing a myriad of benefits. It revolutionizes product engineering team workflows by offering a centralized and integrated suite of tools and services that cover a significant number of FedRAMP security requirements. This efficiency decreases engineering team effort, enabling them to focus on enriching solution features and accelerating their FedRAMP readiness. In 2023, the FedRAMP Authorization Act was…

Accelerating SaaS security certifications to maximize market access

The regulatory landscape for Software-as-a-Service (SaaS) offerings is rapidly changing worldwide as governments seek to address concerns around privacy, security, and data sovereignty. While the European Union’s Cybersecurity Certification Scheme for Cloud Services (EUCS) has set a high standard for data protection, Asian countries are also stepping up their regulatory frameworks. For instance, the Information System Security Management and Assessment Program (ISMAP) in Japan provides a baseline standard of protection for user data, imposing stringent…
