This is a guest post by Gaurav “GP” Pal, CEO at stackArmor
I recently had an opportunity to present at the Boston AWS Meetup on a topic that’s been in my sights for a while now – “State of SaaS Security, Common Mistakes and AWS Security Best Practices”. The entire presentation is up at the Slideshare link at the end of this post.
Why should we care about SaaS security? More businesses are moving online than ever before.
It’s no wonder that regulators like the SEC and the FTC are taking notice and claiming jurisdiction in cases where corporate entities have (potentially) exposed customer data because of poor security practices. All this has, of course, meant that security has now become a key concern of the board. They are worried not only about compliance, which is onerous in itself, but also about the effectiveness of their security policies.
One would think that, with security so much in focus and the recent data breaches at large firms like Target, Sony and many others, everyone would take notice and start taking security seriously. But clearly this is still a work in progress. Based on my experience, here are some underlying reasons for a weak security posture:
I presented a set of common security mistakes that such organizations make (reproduced below).
As you can see, several of these are easily fixable and ironically, at very little cost too. The key, in my opinion, is for security to be seen in the organization as a core business issue rather than as a problem for the “IT guys” to handle. The CEO has to proactively provide the direction and make security an ongoing effort rather than wait for the time when firefighting becomes inevitable.
The audience within the Meetup was extremely engaged and the following key themes emerged from the discussion:
Clearly, as the recent court cases and fines levied by regulators such as the SEC and the FTC have shown, the cost of lax cybersecurity procedures and policies is going to start hurting the bottom line.
So, go ahead and visit the Slideshare link below for the full presentation, or better yet write to me at gpal at stackarmor dot com if you have any inputs or questions. Let me leave you though with an appropriate quote from H Stanley Judd, “The ultimate security is your understanding of reality.” He was probably not talking of the Cloud but there is no denying it makes sense.
http://www.slideshare.net/sgpal/aws-security-best-practices-saas-and-compliance