IDC PeerScape: Practices to Leverage SaaS Securely in the Modern Enterprise
This IDC PeerScape offers guidance on how to develop a strategy for mitigating the security risks of third-party SaaS apps. Drawing on the experiences of IT and cybersecurity leaders who manage large portfolios of third-party SaaS applications at major enterprises, it identifies best practices for ensuring that businesses can take full advantage of SaaS apps to meet their software needs without encountering undue security risks.
"In the context of securing third-party SaaS apps, tools alone do relatively little. CIOs, CISOs, and other business leaders must also establish rigorous policies and procedures to manage risks in SaaS applications they depend on," says Christopher Tozzi, adjunct research advisor for IDC's IT Executive Programs (IEP).
Please Note: Extended description available upon request.
IDC PeerScape Figure
Executive Summary
Peer Insights
Practice 1: Require SaaS Vendors to Document Security Practices, Especially for High-Stakes Apps
Challenge
Examples
Higher Education
Professional Services Enterprise
Retailer
Guidance
Practice 2: Monitor for Use of Unsanctioned SaaS Apps, Using CASBs and Similar Tools
Challenge
Examples
Higher Education
Professional Services Enterprise
Retailer
Guidance
Practice 3: Expand Your Security Toolset to Include CASBs, SASE, and Other Solutions Purpose Built for SaaS
Challenge
Examples
Higher Education
Professional Services Enterprise
Retailer
Guidance
Practice 4: Require SaaS Vendors to Demonstrate Their Plans for Minimizing Downtime