Page 150 - Cyber Defense eMagazine January 2023
organization needs to carefully consider how to allocate the various costs involved in keeping your clients’
information secure. You’ll need to get pricing on implementing layered security as most SaaS vendors
need at least three different security layers to protect their customer data from external threats. These
are basic infrastructure layers consisting of cloud data storage platforms, hosting companies, and internal
servers.
You’ll need to:
▪ Install robust data encryption software
▪ Deploy virus and malware protection programs at every level of access
▪ Provide training for your team and customers on how to handle data securely
▪ Back up your customer data and store the backups in multiple locations and formats
▪ Consult a third-party cybersecurity firm to conduct regular testing of your systems
▪ Pay for external party auditors
Every company that contributes to the SaaS product you offer will need at least the same level of security
and compliance all the way down the chain. Since the chain starts with your company, you must budget
for the expense of ensuring your security is watertight.
Q #3: Do we have enough human resources to handle security and compliance needs?
We’re all waiting for the day artificial intelligence can handle everything, but that’s still a fair way off. Right
now, your SaaS organization will still need to have enough human resources to carry out critical security
functions. These include:
▪ Implementing security controls on devices. Administrators must install data encryption
programs, configure firewalls and antivirus protection, and monitor intrusion detection systems.
According to Verizon's 2022 Data Breach Investigations Report, 82% of all data breaches
involve a human element, so implementing robust security controls reduces the risk of such
incidents.
▪ Managing vulnerabilities. These controls include risk assessments to determine the probability
and impact of threats, and vulnerability assessments to uncover weaknesses and identify
additional measures to reduce the danger posed by these vulnerabilities. Diagnostic tools and
artificial intelligence can assist with much of this, but human resources are still needed to make
final decisions and implement the processes.
▪ Running background checks on your employees. In many cases, employees can deliberately
expose information—for example, by misconfiguring databases or allowing cyber criminals to
access the organization's systems. Without running background checks, companies leave
themselves vulnerable to employing bad actors.
▪ Onboarding and offboarding of employees. Follow best practices for onboarding and
offboarding employees to avoid increasing your cybersecurity risks. New employees should be
trained in cybersecurity adapted to their entry level, understanding, and experience, and given
only essential access initially. Exiting employees should undergo exit interviews, and the
cybersecurity team should establish an offboarding program. This program should include
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.