Building a SaaS security program

Cloud Security Today

English - June 23, 2024 10:00 - 50 minutes - 34.8 MB - ★★★★★ - 13 ratings
Technology devsecops cloud security cloud aws azure google supply chain Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Zombie identities: the hidden threat in your cloud

Send us a Text Message.

This month, we welcome Swathi Joshi, VP of SaaS Cloud Security at Oracle, to discuss key moments and decisions that shaped her career path, including rejections from Google and Twitter. She emphasizes the importance of learning from rejection and seeking feedback to improve. Swathi also shares insights on the role of mentors and advises on finding and working with mentors. In the second part of the conversation, she discusses building a SaaS security program as an enterprise consumer of SaaS. She highlights the importance of addressing misconfigurations, ensuring visibility and access control, and meeting compliance needs.

Swathi also suggests asking about backup and exploring risk scoring for vendors. In this conversation, Swathi discusses best practices for managing vendor risk, vulnerability management through third parties, and incident response in SaaS applications. She also shares insights on privacy operations and critical privacy controls in SaaS. Swathi emphasizes the importance of collaboration, robust incident response plans, and data lifecycle management. She also highlights the need for identity and access control and the challenges of normalizing incident response across different SaaS platforms. Swathi's leadership philosophy is collaborative and pace-setting, and she emphasizes the importance of stress management.

Takeaways

Learn from rejection and seek feedback to improveBuild long-term relationships with mentors and create a personal advisory boardWhen building a SaaS security program, focus on addressing misconfigurations, ensuring visibility and access control, and meeting compliance needsAsk about backup and explore risk scoring for vendors. Managing vendor risk requires close collaboration with privacy, legal, and contract partners.Incident response in SaaS applications shares foundational principles with traditional on-prem software, but there are differences in data snapshotting and managing dependencies.Privacy operations can be operationalized by focusing on identity, access control, and data lifecycle management.Leadership should be collaborative, open to ideas, and adaptable to different situations.Stress management is crucial for effective leadership and should be acknowledged and actively managed.

Links
Privacy Operations Template
Swathi's LI Profile

Chapters

00:00 Navigating Career Challenges and Learning from Rejection
08:13 The Role of Mentors in Career Growth
15:26 Building a Strong SaaS Security Program
21:20 Meeting Compliance Needs in a SaaS Environment
21:56 Backup and Risk Scoring for SaaS Vendors
22:38 Managing Vendor Risk
26:12 Improving Vulnerability Management through Third Parties
26:35 Navigating Incident Response in SaaS Applications
34:03 Operationalizing Privacy Operations in SaaS
40:50 The Importance of Collaboration in Leadership
43:04 Managing Stress for Effective Leadership

Secure applications from code to cloud.
Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).

Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.